refactor: isolate HSM interactions and crypto11 use in a more generic interface

[bhearsum]

The main driver behind this is to enable us to add a GCPHSM with its own MakeKey implementation to avoid cluttering up Configuration.MakeKey further. While I was doing this, I moved the other HSM and crypto11`` related things elsewhere as well. Notably, two things are still present insigner.Configurationthat would be part of asigner.HSM` implementation in an ideal world:

• The pub key casting in Configuration.GetKeys
• Configuration.CheckHSMConnection entirely

Both of these things depend on Configuration.GetPrivateKey which needs a label of a key to fetch. I don't think it's appropriate to move that label to the HSM interface (because it would tie an instance to a single key). I couldn't find a way to adjust the usage of these methods that didn't end up making things messier, or involved refactoring other things, so I'm punting on it for now.

[bhearsum]

@jmhodges (or anyone else) - if you have some ideas about how we could test this usefully I'd love to hear them. The only way I could come up with is to dependency inject crypto11 into MakeKey such that we can provide a fake version of, eg: GenerateECDSAKeyPairOnSlot. This would end up trickling up the call stack to Configuration.MakeKey as well, which is a bit annoying. (And also we'd have to make a fake version of pkcs11.Ctx, but I think that is quite trivial to create and inject.) My instincts for testing all come from Python, so I may be missing some other options available to us here.