PDF extension support: ISO/TS 32001 and ISO/TS 32002

[MatthiasValvekens]

Description of the changes

This PR adds support for two new extensions to PDF, ISO/TS 32001 and ISO/TS 32002. The former extends the standard to allow hashes from the SHA-3 family, and the latter clarifies ECDSA support while also adding EdDSA to the list of supported signature algorithms (both Ed25519 and Ed448).

The code in this PR actually contains relatively few functional changes due to the flexible nature of the internal API. The changes can be roughly broken down as follows:

• Extend a few low-level API functions to enable validation of PDF signatures using EdDSA. Certificates with EdDSA signatures were already supported in pyhanko-certvalidator.
• Extend both in-memory and PKCS#11-based signer implementations to support EdDSA generically.
• ECDSA support required no specific changes, since all relevant curves are already natively supported in pyca/cryptography.
• Put in place some hooks to automatically register the relevant extension declarations in the document's developer extensions dictionary.
• Last but not least: tests, tests, tests.

Caveats

Currently, using SHA-3 with RSA and DSA requires some creative ASN.1 wrangling. There's an upstream PR over at the asn1crypto repo that would resolve most/all of these issues; see wbond/asn1crypto#238. SHA-3 digests with ECDSA should just work out of the box.

Checklist

• [x] I have read the project's CoC and contribution guidelines.
• [x] I understand and agree to the terms in the Developer Certificate of Origin as applied to this contribution.
• [x] All new code in this PR has full test coverage.

For new features

• [x] I have discussed the implementation of this feature with the project maintainer(s) on the discussion forum or over email.
• [x] I have verified that my changes do not break existing API or CLI functionality, or ensured that all breaking changes are clearly documented in this PR.
• [x] All public API functionality in this PR is documented.

[MatthiasValvekens]

Looks like the SoftHSM version in the Ubuntu focal repo isn't recent enough. Will attempt to run the actions on jammy instead...

[codecov-commenter]

Codecov Report

Base: 98.72% // Head: 98.74% // Increases project coverage by +0.01% :tada:

Coverage data is based on head (7a20a42) compared to base (2b478b9). Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #169 +/- ## ========================================== + Coverage 98.72% 98.74% +0.01% ========================================== Files 78 78 Lines 11943 12018 +75 ========================================== + Hits 11791 11867 +76 + Misses 152 151 -1 ``` | Flag | Coverage Δ | | |---|---|---| | unittests | `98.74% <100.00%> (+0.01%)` | :arrow_up: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#carryforward-flags-in-the-pull-request-comment) to find out more. | [Impacted Files](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens) | Coverage Δ | | |---|---|---| | [pyhanko/sign/general.py](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#diff-cHloYW5rby9zaWduL2dlbmVyYWwucHk=) | `100.00% <100.00%> (ø)` | | | [pyhanko/sign/pkcs11.py](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#diff-cHloYW5rby9zaWduL3BrY3MxMS5weQ==) | `100.00% <100.00%> (ø)` | | | [pyhanko/sign/signers/constants.py](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#diff-cHloYW5rby9zaWduL3NpZ25lcnMvY29uc3RhbnRzLnB5) | `100.00% <100.00%> (ø)` | | | [pyhanko/sign/signers/pdf\_cms.py](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#diff-cHloYW5rby9zaWduL3NpZ25lcnMvcGRmX2Ntcy5weQ==) | `100.00% <100.00%> (ø)` | | | [pyhanko/sign/signers/pdf\_signer.py](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#diff-cHloYW5rby9zaWduL3NpZ25lcnMvcGRmX3NpZ25lci5weQ==) | `100.00% <100.00%> (ø)` | | | [pyhanko/sign/validation/utils.py](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#diff-cHloYW5rby9zaWduL3ZhbGlkYXRpb24vdXRpbHMucHk=) | `100.00% <100.00%> (ø)` | | | [pyhanko/pdf\_utils/incremental\_writer.py](https://codecov.io/gh/MatthiasValvekens/pyHanko/pull/169/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens#diff-cHloYW5rby9wZGZfdXRpbHMvaW5jcmVtZW50YWxfd3JpdGVyLnB5) | `100.00% <0.00%> (+0.78%)` | :arrow_up: | Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matthias+Valvekens)

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.