Refactor repository and CA code to support BGPsec CSRs.

[partim]

BGPsec CSRs are signed using ECDSA keys rather than the usual RSA. Supporting this requires a slew of changes to the repository and ca modules.

This PR

• moves repository::crypto into its own top-level module and adds the crypto feature,
• adds separate signature algorithm types for RPKI and BGPsec and adds a SignatureAlgorithm trait so the two can be used in parallel,
• makes crypto::signature::Signature generic over the signature algorithm,
• changes the Signer trait and soft-signer implementation to be able to deal with both signature algorithm types via an intermediary SigningAlgorithm enum,
• makes repository::x509::SignedData (the type used for the outer, signed portion of certificates, CRLs, and CSRs) generic over the signature algorithm type so it can be used for both RPKI and BGPsec objects,
• moves repository::oid into its own top-level module and makes it depend on the bcder feature,
• moves repository::csr to ca::csr where it belongs,
• changes the ca::csr’s types to be generic over the signature algorithms and CSR attributes,
• changes the type of the Extended Key Usage attribute of certificates and CSRs into a newtype around the wrapping capture,
• add missing functionality to TbsCert and CertBuilder to be able to generate router certificates, and
• probably some more I forgot.

[timbru]

I did not look at the code yet. Or well I did not give it a good look yet. But I have made krill branch that depends on this and after some sweat and tears that now works with these updates.

I did not yet get to the point of trying to sign BGPSec Router Certificates - but all the other stuff still works.

[timbru]

Looks good to me. I now want to try to create a BGPSec Router Certificate from Krill code. Then again, perhaps it's best to look at any changes needed (if any) for that as a separate PR.

[timbru]

If repository includes crypto does it still need bcder? Also, I am not sure why it needs both bcder and routecore/bcder - though that is not related to this PR.

[partim]

Hm, I wonder if we can make repository not require crypto.

I’m not sure if enabling bcder here also enables it for routecore, so I decided to play it safe. This all is going to change eventually with the new way of dealing with features and dependencies stablised in a recent Rust release, but I don’t want to jump MSRVs too quickly.