Rewrite gen_key.c for PSA

[davidhorstmann-arm]

Part of implementing #9904

Rewrite pkey/gen_key.c to use the PSA API.

The rewritten program does not need to have full feature parity with the original gen_key.c (for example it doesn't need to output the key in hexadecimal on the command line) but it needs to be able to generate a key with the requested parameters and write it to a file using the PSA API (along with PK).

Specifically it needs to support all of the options used by the not-yet-merged script cert_write_demo.sh. It would also be nice if it could support all of the other gen_key options except use_dev_random (since we don't control the entropy source in PSA). Ensuring that it's as compatible as possible will help our users.

This task is done when gen_key.c is rewritten and no longer uses the legacy API, but only PSA and PK.

Estimate: 8 Ideal Engineering Hours

[gilles-peskine-arm]

Preferably we should keep supporting the options mentioned in https://github.com/Mbed-TLS/mbedtls-docs/blob/main/kb/cryptography/rsa-key-pair-generator.md, https://github.com/Mbed-TLS/mbedtls-docs/blob/main/kb/how-to/generate-a-certificate-request-csr.md and https://github.com/Mbed-TLS/mbedtls-docs/blob/main/kb/kb/how-to/generate-a-self-signed-certificate.md — that means type={rsa,ecc}, rsa_keysize, ec_curve, filename and format.

I expect that we can reuse most of the existing code. We do need to rewrite three parts:

• RNG setup — now just psa_crypto_init and mbedtls_psa_crypto_free.
• Key generation and pk encapsulation: now psa_generate_key and mbedtls_pk_copy_from_psa.
• Curve name to encoding — that's no longer a library interface. I guess we'll just have a list in this program. Ideally we would figure out the list of available curves from somewhere, in fact ideally there would be an API to find the list of available curves, but that would be way overkill in the 4.0/1.0 time frame.