security: zeroize pem encoded key

[boxdot]

PemEncodedKey is now zeroized and no longer contains ASN.1 parsed
data. Because Vec<simple_asn1::ASN1Block> owns the underlying bytes
and does not support zeroization, the full ASN.1 parsing has been
replaced by a custom partial ASN.1 implementation. This parsing is
performed only to classify the key type during construction and to
extract the key bytes on access.

This change also allows the removal of the simple_asn1 dependency.

Closes #337 after #483 is merged.

[boxdot]

I had quite some fun while implementing this, especially recalling the TLV encoding and writing a custom recursive parser.

[arckoor]

This will likely take me a while to review, my ASN.1 skills are rusty at best
For at least one of the keys I'd also like to see a test that directly compares the parsed point to the expected value (i.e. you manually extract them with your cryptographic library of choice, openssl, botan, ... and compare to that)
Some comments to relevant RFCs would also be helpful
May also want to throw a fuzzer at this, though that would be something to consider in general for this library
As a convenient side benefit, by no longer depending on simple_asn1 it would allow dropping the MSRV back down 🤔

[boxdot]

Let me

• add comments about parsing (e.g. RFCs), and
• make tests less fuzzy

[arckoor]

I haven't reviewed the logic yet, but I fuzzed it a bit

[arckoor]

Out of bounds:

let _ = read_tlv(&mut [0x1f, 0]);

// with a certificate:
let data = "
-----BEGIN PUBLIC KEY-----
AA==
-----END PUBLIC KEY-----";
let _ = DecodingKey::from_rsa_pem(data.as_bytes());

Add a regression test as well please