Add RSA-PSS signature verification support (TLS 1.3 with RSA cert)

[EdouardMALOT]

Summary

This PR adds RSA-PSS (Probabilistic Signature Scheme) signature verification support to NetX Duo, as defined in RFC 8017 §8.1.

RSA-PSS is required for TLS 1.3 compliance: RFC 8446 §4.2.3 mandates the use of RSA-PSS for all RSA-based signatures in TLS 1.3 handshakes.

Changes

• crypto_libraries/inc/nx_crypto_const.h — add NX_CRYPTO_DIGITAL_SIGNATURE_RSAPSS constant (0x00050004)
• crypto_libraries/inc/nx_crypto_rsa.h — declare _nx_crypto_rsa_pss_verify()
• crypto_libraries/src/nx_crypto_rsa.c — implement:
  • _nx_crypto_rsa_pss_mgf1() — Mask Generation Function 1 (RFC 8017 §B.2.1)
  • _nx_crypto_rsa_pss_verify() — PSS encoding verification (salt length == hash length, as required by RFC 8446 §4.2.3)
• nx_secure/src/nx_secure_tls_process_certificate_verify.c — handle NX_CRYPTO_DIGITAL_SIGNATURE_RSAPSS in CertificateVerify processing
• nx_secure/src/nx_secure_tls_send_clienthello_extensions.c — advertise RSA-PSS signature algorithms in ClientHello extensions

Test plan

• TLS 1.3 handshake with a server using an RSA certificate completes successfully
• CertificateVerify message with rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, and rsa_pss_rsae_sha512 is correctly verified
• Invalid RSA-PSS signature is rejected with NX_CRYPTO_NOT_SUCCESSFUL

[EdouardMALOT]

@eclipseefa recheck

[fdesbiens]

Thank you for this contribution, @EdouardMALOT. We will review and provide feedback.