Add support for AES management keys

[str4d]

Once https://github.com/iqlusioninc/yubikey.rs/issues/330 is resolved, we should start using PIN-protected AES management keys for YubiKeys that support them. We should also migrate YubiKeys that we previously configured to use a PIN-protected TDES management key, if AES is supported.

[str4d]

We want to ensure that a YubiKey set up by age-plugin-yubikey is usable with yubikey-agent, so we use the same management setup (PIN-protected management key, PUK set to PIN) as yubikey-agent. We therefore need to synchronise on AES management key usage, which means we also need to block on https://github.com/go-piv/piv-go/issues/109.

[PriceHiller]

It appears https://github.com/go-piv/piv-go/issues/109 has now been resolved and should hopefully no longer be blocking.

What all needs to be done for AES support?

EDIT: appears to still be blocked on https://github.com/iqlusioninc/yubikey.rs/issues/330 ?

[str4d]

I now have a new YubiKey with firmware 5.7.1, and it appears to come with AES as the default management key algorithm. The error message I previously added does trigger correctly (telling the user to switch to TDES).

@PriceHiller yes this is blocked on support in the yubikey crate.