git.ipfire.org Git - thirdparty/krb5.git/commit
Support PKCS11 EC client certs in PKINIT
author Greg Hudson <ghudson@mit.edu>
Wed, 21 Feb 2024 20:29:02 +0000 (15:29 -0500)
committer Greg Hudson <ghudson@mit.edu>
Tue, 19 Mar 2024 01:05:44 +0000 (21:05 -0400)
commit f745c9a9bd6c0c73b944182173f1ac305d03dc3a
tree 489707dc889ee1fa48b08ac17c8227f574be181c
parent bdcd6075bd4593c8f67722ce075c9519faec58b7
Support PKCS11 EC client certs in PKINIT

Move the digest computation and DigestInfo encoding from
cms_signeddata_create() to pkinit_sign_data_pkcs11(), and
conditionalize the DigestInfo encoding on the key type.  Use CKM_ECDSA
instead of CKM_RSA_PKCS for EC keys, and convert the resulting
signature from the PKCS11 encoding to the ASN.1 encoding required by
CMS.

Regenerate the test certificates with an additional EC client cert.
Add test cases for EC client certs with and without PKCS11.

ticket: 9112 (new)
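The two format decisions the commit message describes, shown as an added, self-contained C example that is not krb5's code (the names `prepare_sign_input`, `ecdsa_raw_to_der`, the `key_type` enum and the constructed sample bytes are assumptions for illustration): for an RSA key signed with CKM_RSA_PKCS the hash must be wrapped in a DER DigestInfo, while CKM_ECDSA takes the bare hash; and the PKCS#11 ECDSA output is the fixed-width concatenation r || s, which CMS will not accept until it is re-encoded as the DER SEQUENCE { INTEGER r, INTEGER s }. The converter handles the two edge cases that bite in practice, a leading byte with the high bit set (needs a 0x00 pad so the INTEGER stays positive) and leading zero bytes (must be stripped for minimal DER).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Key types driving the decision the commit describes (assumed names). */
enum key_type { KEY_RSA, KEY_EC };

/* DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1). */
static const unsigned char sha256_digestinfo_prefix[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
    0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* Bytes handed to C_Sign for a SHA-256 digest: DigestInfo for RSA
 * (CKM_RSA_PKCS), the raw hash for EC (CKM_ECDSA). Returns 0 on error. */
size_t prepare_sign_input(enum key_type kt, const unsigned char *hash,
                          size_t hashlen, unsigned char *out, size_t outcap)
{
    if (hashlen != 32)
        return 0;
    if (kt == KEY_EC) {
        if (outcap < hashlen)
            return 0;
        memcpy(out, hash, hashlen);
        return hashlen;
    }
    size_t plen = sizeof(sha256_digestinfo_prefix);
    if (outcap < plen + hashlen)
        return 0;
    memcpy(out, sha256_digestinfo_prefix, plen);
    memcpy(out + plen, hash, hashlen);
    return plen + hashlen;
}

/* Encode an unsigned big-endian value as a minimal, positive DER INTEGER. */
static size_t der_uint(const unsigned char *v, size_t vlen,
                       unsigned char *out, size_t outcap)
{
    while (vlen > 1 && v[0] == 0) {   /* strip leading zero bytes */
        v++;
        vlen--;
    }
    int pad = (v[0] & 0x80) ? 1 : 0;  /* high bit set: prepend 0x00 */
    size_t clen = vlen + pad;
    if (clen > 127 || outcap < 2 + clen)
        return 0;                     /* short-form length is enough here */
    out[0] = 0x02;
    out[1] = (unsigned char)clen;
    if (pad)
        out[2] = 0x00;
    memcpy(out + 2 + pad, v, vlen);
    return 2 + clen;
}

/* Convert a PKCS#11 ECDSA signature (r || s, each the field size) into the
 * DER ECDSA-Sig-Value SEQUENCE { INTEGER r, INTEGER s } that CMS requires. */
size_t ecdsa_raw_to_der(const unsigned char *raw, size_t rawlen,
                        unsigned char *out, size_t outcap)
{
    if (rawlen == 0 || rawlen % 2 != 0)
        return 0;
    size_t half = rawlen / 2;
    unsigned char body[2 + 67 + 2 + 67];  /* room for P-521 (66-byte halves) */
    if (half > 66)
        return 0;
    size_t rl = der_uint(raw, half, body, sizeof(body));
    if (rl == 0)
        return 0;
    size_t sl = der_uint(raw + half, half, body + rl, sizeof(body) - rl);
    if (sl == 0)
        return 0;
    size_t blen = rl + sl;
    size_t hdr = blen < 128 ? 2 : 3;      /* long-form length for P-521 */
    if (outcap < hdr + blen)
        return 0;
    out[0] = 0x30;
    if (hdr == 2) {
        out[1] = (unsigned char)blen;
    } else {
        out[1] = 0x81;
        out[2] = (unsigned char)blen;
    }
    memcpy(out + hdr, body, blen);
    return hdr + blen;
}

/* Constructed (not real) P-256 sample: r = 0x80 00..00 (high bit set),
 * s = 0x00..00 01 (leading zeros). Expected DER: 30 26 02 21 00 80 .. 02 01 01 */
size_t demo_sample_der(unsigned char *out, size_t outcap)
{
    unsigned char raw[64];
    memset(raw, 0, sizeof(raw));
    raw[0] = 0x80;
    raw[63] = 0x01;
    return ecdsa_raw_to_der(raw, sizeof(raw), out, outcap);
}

int demo_sample_ok(void)
{
    unsigned char der[144];
    size_t n = demo_sample_der(der, sizeof(der));
    static const unsigned char head[5] = { 0x30, 0x26, 0x02, 0x21, 0x00 };
    static const unsigned char tail[3] = { 0x02, 0x01, 0x01 };
    return n == 40 && memcmp(der, head, 5) == 0 && der[5] == 0x80 &&
           memcmp(der + 37, tail, 3) == 0;
}

/* Length of the C_Sign input for a constructed 32-byte hash of 0xab bytes. */
size_t demo_sign_input_len(enum key_type kt)
{
    unsigned char hash[32], out[64];
    memset(hash, 0xab, sizeof(hash));
    return prepare_sign_input(kt, hash, sizeof(hash), out, sizeof(out));
}

int main(void)
{
    printf("RSA sign input: %zu bytes, EC sign input: %zu bytes\n",
           demo_sign_input_len(KEY_RSA), demo_sign_input_len(KEY_EC));
    printf("sample r||s -> DER: %s\n", demo_sample_ok() ? "ok" : "mismatch");
    return 0;
}
```

Two things to check when wiring this up against a token: the PKCS#11 signature length is twice the curve's field size (64 bytes for P-256, 132 for P-521), so reject anything odd-length or otherwise unexpected before converting, and the hash passed to CKM_ECDSA must already be the digest; the mechanism does no hashing of its own.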
20 files changed:
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
src/tests/pkinit-certs/ca.pem
src/tests/pkinit-certs/eckey.pem [new file with mode: 0644]
src/tests/pkinit-certs/ecuser.pem [new file with mode: 0644]
src/tests/pkinit-certs/generic.p12
src/tests/pkinit-certs/generic.pem
src/tests/pkinit-certs/kdc.pem
src/tests/pkinit-certs/make-certs.sh
src/tests/pkinit-certs/privkey-enc.pem
src/tests/pkinit-certs/privkey.pem
src/tests/pkinit-certs/user-enc.p12
src/tests/pkinit-certs/user-upn.p12
src/tests/pkinit-certs/user-upn.pem
src/tests/pkinit-certs/user-upn2.p12
src/tests/pkinit-certs/user-upn2.pem
src/tests/pkinit-certs/user-upn3.p12
src/tests/pkinit-certs/user-upn3.pem
src/tests/pkinit-certs/user.p12
src/tests/pkinit-certs/user.pem
src/tests/t_pkinit.py