Rework the validation of RSA domain parameters in psa_import_key(). #4095

ronald-cron-arm opened this issue Feb 1, 2021 · 1 comment
Labels
component-psa PSA keystore/dispatch layer (storage, drivers, …) enhancement

ronald-cron-arm commented Feb 1, 2021

Description

  • Type: Enhancement
  • Priority: Minor

Bug

Issue introduced when restructuring the PSA import and export code following docs/architecture/mbed-crypto-storage-specification.md (#3933).

Expected behavior
As per @stevew817's comment, if an RSA key and its attributes are validated by a driver, there should not be extra validation relying on the software implementation of RSA.

Thoughts towards a fix
Given the new structure of the PSA import code, the natural place for the check of the RSA domain parameters when importing an RSA key is mbedtls_psa_rsa_import_key().

Why are we not just rejecting RSA domain parameters when importing an RSA key, as the only thing we do with them is to check that they are compatible with the RSA key?

The fix should take into account that the check of RSA domain parameters eventually needs to be done as part of psa_generate_key() when generating an RSA key (see @gilles-peskine-arm's comment).

More generally (beyond RSA/import specifics), psa_validate_optional_attributes() probably needs to be dismantled, with:

  • the API-specific checks being done in each API. Currently psa_validate_optional_attributes() checks the attributes key type against the slot key type, which makes sense for psa_copy_key() and psa_validate_key() but is not necessary for psa_import_key().
  • the algorithm-specific checks being done in the corresponding software driver, RSA checks in psa_crypto_rsa.c ...

@gilles-peskine-arm

Moot now that domain parameters have been removed in #6495.

@gilles-peskine-arm closed this as not planned on Feb 27, 2024