[Key Vault] Implement abstract RSA key interfaces from cryptography

[laiapat]

Description

Resolves #31877. This PR adds an implementation of the cryptography library's abstract RSAPrivateKey and RSAPublicKey interfaces.

The key implementations accept a cryptography client and key material, but are meant to be created with create_rsa_private_key and create_rsa_public_key methods on CryptographyClient. The cryptography client is used to perform cryptographic operations (decryption and signing for private, encryption and verification for public). Byte serialization and RSAPublicKey.recover_data_from_signature use cryptography's own implementations. Deprecated interface methods are left unimplemented.

There were initial limitations to the operations we could perform because of opaque types in cryptography. The library maintainers helped me get a fix merged, which should be available in the next release. Since we know that there will be public properties for these attributes, we can safely access private attributes that have always been present as a backup. This can be seen in the code where we inspect .algorithm and .mgf attributes.

All SDK Contribution checklist:

• The pull request does not introduce [breaking changes]
• CHANGELOG is updated for new features, bug fixes or other significant changes.
• I have read the contribution guidelines.

General Guidelines and Best Practices

• Title of the pull request is clear and informative.
• There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

• Pull request includes test coverage for the included changes.

[azure-sdk]

API change check

APIView has identified API level changes in this PR and created following API reviews.

azure-keyvault-keys

[heaths]

private_numbers and private_bytes are left unimplemented since the private portion of the key is managed by Key Vault.

Why not attempt to download them like I do for .NET's and Go's (unofficial) CryptographyClient? Don't fail - simply send to the service - if you can't, though. But it's more of a proxying optimization.

[heaths]

Barring a more thorough Pythonic review, LGTM.