mbedtls
PBKDF2 metadata macros are buggy and untested
- Test gap: PBKDF2 is missing from `test_suite_psa_crypto_metadata.data`.
- This may cause additional test gaps because we use `test_suite_psa_crypto_metadata.data` as one of the ways to detect available mechanisms for systematically generated test cases.
- Bug (originally reported internally against the PSA API specification, which inherited sample definitions of macros from Mbed TLS): `PSA_ALG_KEY_AGREEMENT_GET_KDF()` and `PSA_ALG_KEY_AGREEMENT_GET_BASE()` don't give the expected results for `PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_PBKDF2_xxx)`.
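To make the third point reproducible, here is a stand-alone C check (added here, not code from the Mbed TLS repository). It re-declares the relevant PSA algorithm constants as transcribed from the PSA Crypto API encoding (assumed values; verify against `include/psa/crypto_values.h`) and shows that the `GET_KDF`/`GET_BASE` round trip works for HKDF but not for PBKDF2, whose base value sets bit 23, inside the field the mask reserves for the key agreement id.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

typedef uint32_t psa_algorithm_t;

/* Local copies of the PSA algorithm encoding so this builds without the
 * Mbed TLS headers (assumed values: verify against crypto_values.h). */
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t) 0x08000000)
#define PSA_ALG_CATEGORY_KEY_AGREEMENT  ((psa_algorithm_t) 0x09000000)
#define PSA_ALG_HASH_MASK               ((psa_algorithm_t) 0x000000ff)
#define PSA_ALG_SHA_256                 ((psa_algorithm_t) 0x02000009)
#define PSA_ALG_ECDH                    ((psa_algorithm_t) 0x09020000)
#define PSA_ALG_HKDF_BASE               ((psa_algorithm_t) 0x08000100)
#define PSA_ALG_PBKDF2_HMAC_BASE        ((psa_algorithm_t) 0x08800100)
#define PSA_ALG_HKDF(h)        (PSA_ALG_HKDF_BASE | ((h) & PSA_ALG_HASH_MASK))
#define PSA_ALG_PBKDF2_HMAC(h) (PSA_ALG_PBKDF2_HMAC_BASE | ((h) & PSA_ALG_HASH_MASK))

/* The macros in question. The mask keeps the KDF part (low 16 bits plus
 * bits 25..31) and clears bits 16..24, which hold the key agreement id;
 * PBKDF2's base value 0x0880xxxx sets bit 23, inside that cleared range. */
#define PSA_ALG_KEY_AGREEMENT_MASK      ((psa_algorithm_t) 0xfe00ffff)
#define PSA_ALG_KEY_AGREEMENT(ka, kdf)  ((ka) | (kdf))
#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
    (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
    (((alg) & ~PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)

/* What GET_KDF reports for the chained algorithm built from (ka, kdf). */
psa_algorithm_t extracted_kdf(psa_algorithm_t ka, psa_algorithm_t kdf)
{
    return PSA_ALG_KEY_AGREEMENT_GET_KDF(PSA_ALG_KEY_AGREEMENT(ka, kdf));
}

/* True if GET_KDF and GET_BASE recover exactly the pair that was chained. */
bool key_agreement_roundtrips(psa_algorithm_t ka, psa_algorithm_t kdf)
{
    psa_algorithm_t alg = PSA_ALG_KEY_AGREEMENT(ka, kdf);
    return extracted_kdf(ka, kdf) == kdf &&
           PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == ka;
}

int main(void)
{
    psa_algorithm_t hkdf = PSA_ALG_HKDF(PSA_ALG_SHA_256);
    psa_algorithm_t pbkdf2 = PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256);
    printf("ECDH+HKDF   round-trips: %d\n", key_agreement_roundtrips(PSA_ALG_ECDH, hkdf));
    printf("ECDH+PBKDF2 round-trips: %d, GET_KDF gives 0x%08x (looks like HKDF)\n",
           key_agreement_roundtrips(PSA_ALG_ECDH, pbkdf2), (unsigned) extracted_kdf(PSA_ALG_ECDH, pbkdf2));
    return 0;
}
```

With these values the chained PBKDF2 algorithm decodes as ECDH with HKDF-SHA-256, so a metadata test that only checks the `PSA_ALG_IS_xxx` flags of the combined value would not notice the mismatch.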
For `test_suite_psa_crypto_metadata.data`:
```
Key derivation: PBKDF2 using HMAC-SHA-256
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_PBKDF2_HMAC
key_derivation_algorithm:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):ALG_IS_PBKDF2_HMAC:ALG_IS_PBKDF2

Key derivation: PBKDF2 using HMAC-SHA-384
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_PBKDF2_HMAC
key_derivation_algorithm:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_384):ALG_IS_PBKDF2_HMAC:ALG_IS_PBKDF2

Key derivation: PBKDF2 using AES-128-CMAC
depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
key_derivation_algorithm:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:ALG_IS_PBKDF2
```
Add the two new `ALG_IS_xxx` flags to the `.function` file.
Note that it doesn't really make sense to chain a key agreement with PBKDF2: PBKDF2 is generally meant for passwords (low entropy), not key agreement shared secrets (high entropy but not fully uniform). However, there may be protocols that use PBKDF2 with a single iteration as a KDF because they're also using PBKDF2 with many iterations to process passwords and they want to minimize the number of primitives. So arguably we should test the chaining of a key agreement with PBKDF2.