[MASWE-0015] Deprecated Android KeyStore Implementations

[cpholguera]

Description

Create a new risk for "Deprecated Android KeyStore Implementations (MASVS-CRYPTO-2)" using the following information:

Avoid deprecated implementations such as BKS

Create "risks/MASVS-CRYPTO/2-***-****/deprecated-keystore/risk.md" including the following content:

---
title: Deprecated Android KeyStore Implementations
alias: deprecated-keystore
platform: [android]
profiles: [L2]
mappings:
  masvs-v1: [MSTG-CRYPTO-4]
  masvs-v2: [MASVS-CRYPTO-2, MASVS-CODE-3]
  mastg-v1: [MASTG-TEST-0014]

---

## Overview

## Impact

## Modes of Introduction

## Mitigations

To complete the sections follow the guidelines from Writing MASTG Risks & Tests

Use at least the following references:

• https://labs.withsecure.com/publications/how-secure-is-your-android-keystore-authentication
• https://developer.android.com/reference/java/security/KeyStore
• https://developer.android.com/about/versions/12/behavior-changes-all#bouncy-castle

When creating the corresponding tests, use the following areas to guide you:

• Bouncy Castle (BKS)

MASTG v1 Refactoring:

If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.

• MASTG-TEST-0014 - Testing the Configuration of Cryptographic Standard Algorithms (android)

Acceptance Criteria

• [ ] The risk has been created in the correct directory (risks/MASVS-CRYPTO/2-***-****/deprecated-keystore/risk.md)
• [ ] The risk content follows the guidelines
• [ ] At least one GitHub Issue has been created for the corresponding tests (derived from "Modes of Introduction")
• [ ] The risk indicates the related MASTG v1 tests in its metadata.

[thomascannon]

@cpholguera I don't mind taking this one