Hardware Key Agent w/ PIN caching tracker

[Joerger]

Tracker issue for Hardware Key Agent w/ PIN caching support:

RFD: #52495

PRs (in order of dependency):

• feat: Hardware Key Agent - Add api/utils/keys/hardwarekey package #53671
• feat: Hardware Key Agent - Add hardwarekey.Service interface with adapted PIV implementation #53674
  • feat: Hardware Key Agent - Enrich the PEM encoded hardware private key file #53675
• feat: Hardware Key Agent - Add api/harwdarekey/piv package #53677
• feat: Hardware Key Agent - set hardware key service in client store #53563
• feat: Hardware Key Agent - Propagate contextual key info from key store to hardware key prompts #53703
• feat: Hardware Key Agent - consolidate globally shared PIV service variables #53974
• feat: Hardware Key PIN caching #53976
• feat: Hardware Key Agent #54026
• feat: Hardware Key Agent - command hint #54090
  • Style hardware key prompt with command in Connect #54258
• feat: Hardware Key Agent - require users to configure certificate #54118
• feat: Hardware Key Agent w/ PIN caching - fix cross-cluster support #54144
• feat: Hardware Key Agent - initialize hardware key service at start of tsh daemon #54226
• feat: PIV PIN Caching - add file config option #54328

Related / follow up PRs:

• Rename NewSoftwarePrivateKey to NewPrivateKey #53598
  • https://github.com/gravitational/teleport.e/pull/6304
  • Remove unused parameter in keys.NewPrivateKey #53678
• Add DeleteProfile to client.ProfileStore #53781
• Remove MaxUint32 call to fix builds on 32-bit systems #54125
• feat: Hardware Key Agent - fix socket replacement on Windows #54126
• Revert pin caching change for connect to fix race condition #54140
• https://github.com/gravitational/teleport.e/pull/6256
• followup: remove hardwarekey package aliases #53467
• Require ClientStore in client.Config #54227
• Move hardware key change pin stderr message to cliPrompt #54207

Backports:

• [v17] Hardware Key Agent w/ PIN caching #54297
• [v16] Hardware Key Agent w/ PIN caching #54298

Follow ups after backports:

• fix: don't cache an incorrect PIV PIN #54614
  • TODO: Update solution if Allow checking if PIN is required with CheckPIN go-piv/piv-go#174 is merged
• Revamp the Hardware Key Support test plan #54617
• feat: Hardware Key Agent validates known keys #54691
• fix: release PIV connection during PIN prompts - avoid "the smart card has been reset" error #54700
  • TODO: Update solution once Try to reconnect transaction on SCARD_W_RESET_CARD error go-piv/piv-go#173 and Allow checking if PIN is required with CheckPIN go-piv/piv-go#174 is merged

Docs:

• docs: Add Hardware Key Agent and PIN Caching sections #54369

TODO:

• Add context to hardware key service - default ctx in signatures
• Move MockHardwareKeyService out of /api
• Optional: Add a way to start the agent from Teleport Connect, in case it is not yet enabled or fails to start the server on startup.

[rosstimothy]

@Joerger can this be closed now?