Define a new type mbedtls_pk_sigalg_t which is a subset of mbedtls_pk_type_t, containing only the values that are meaningful as a signature algorithm in an X.509 structure. Prototyped in #204.

typedef enum {
    MBEDTLS_PK_SIGALG_NONE = 0,
    MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
    MBEDTLS_PK_SIGALG_RSA_PSS,
    MBEDTLS_PK_SIGALG_ECDSA,
} mbedtls_pk_sigalg_t;

Change the definition of mbedtls_pk_type_t so that the matching names have the same value (the old “RSA” is for PKCS#1v1.5). This will let us keep using old mbedtls_pk_type_t names for the new type.

typedef enum {
    MBEDTLS_PK_NONE = MBEDTLS_PK_SIGALG_NONE,
    MBEDTLS_PK_RSA = MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
    MBEDTLS_PK_RSASSA_PSS = MBEDTLS_PK_SIGALG_RSA_PSS,
    MBEDTLS_PK_ECDSA = MBEDTLS_PK_SIGALG_ECDSA,
    MBEDTLS_PK_ECKEY,
    MBEDTLS_PK_ECKEY_DH,
    MBEDTLS_PK_OPAQUE,
} mbedtls_pk_type_t;

Switch mbedtls_pk_sign_ext() and mbedtls_pk_verify_ext() to the new type.

After this and crypto-private-header-move, there are no more references to mbedtls_pk_type_t in public interfaces of TF-PSA-Crypto.

Unblocks: Mbed-TLS/mbedtls#10264