The PIN objects should not be propagated to the PKCS#11 interface

[Jakuje]

For PIN objects, we should we either:

• use some vendor specific types to avoid applications interpreting these as they are propagated to pkcs11 layer
• filter the PIN objects from the pkcs11-layer results?

(or both)

Right now, it is possible to find the PIN objects through searching for the SECRET keys:

5489: C_FindObjectsInit
P:2440186; T:0x140007141424576 2024-03-25 15:09:17.251
[in] hSession = 0x11
[in] pTemplate[1]: 
    CKA_CLASS             CKO_SECRET_KEY       
Returned:  0 CKR_OK

5490: C_FindObjects
P:2440186; T:0x140007141424576 2024-03-25 15:09:17.251
[in] hSession = 0x11
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x9 matches
Returned:  0 CKR_OK

314: C_GetAttributeValue
P:2440186; T:0x140007141424576 2024-03-25 15:09:15.882
[in] hSession = 0x11
[in] hObject = 0xc
[in] pTemplate[1]: 
    CKA_LABEL             000000000073c010 / 8
[out] pTemplate[1]: 
    CKA_LABEL             000000000073c010 / 8
    55736572 2050494E
     U s e r  . P I N
Returned:  0 CKR_OK

The objects do not have CKA_ID so most of the application will likely to ignore them but we should not depend on that and not show them to user/application.

_Originally posted by @Jakuje in https://github.com/latchset/kryoptic/pull/17#discussion_r1536907568_

[simo5]

This should be handled in my last push in #17