agent: Enumerate only the supported signature schemes for RSA keys
SHA-384 is not supported but is selected by signature_schemes_for_key()
for keys between 3072 and 7680 bits.
Since this is only called for IKEv2 signature authentication we don't
even provide SHA-1 anymore. We always provide both schemes, though,
which is what pubkey-authenticator does too for RSA.
Older agents apparently just ignore the flags and always return a SHA-1
signature. If that's the case, charon.signature_authentication has to
be disabled.