The Musca-S1 does not have a real OTP, so its crypto hardware values are saved to MRAM instead. Before, the life-cycle state was only checked on the S1 from the MRAM once
provisioning was already done. This resulted in being able to run provisioning repeatedly. Change this so that the values in the MRAM are used always, so that one needs to wipe the MRAM to repeat the process. Also, update the relevant docs.

Commit: https://review.trustedfirmware.org/c/trusted-firmware-m/+/4223