Consider forcing default provider for Verify and Encrypt

[krwq]

Starting from https://github.com/dotnet/runtime/pull/104961 we can open keys from the provider. Some providers (most notably tpm2) will not allow to use private key for Verify and Encrypt operations but this is not consistent with what we do on other platforms.

Current workaround is that public key can be exported and imported into new instance which will use default provider and allow for this operation.

This issue is tracking discussion whether we want to override the behavior (this can be done by either getting public key and using it or just directly forcing default provider by passing in NULL LIB_CTX* to API creating EVP_PKEY_CTX).

Here are some points against:

• chosen provider will not be used for the operations even if explicitly chosen by the user - that would force it to use default always
• private keys are meant for Sign/Decrypt only and it's frequently a bug that private key is used for verification which is most likely the reason tpm2 provider blocks that in the first place

Ref: https://github.com/dotnet/runtime/pull/104961#discussion_r1683613752

[dotnet-policy-service[bot]]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones See info in area-owners.md if you want to be subscribed.