Add Auth extension and backend with PIN handling

[robin-nitrokey]

This patch implements a basic Auth extension and backend that provides PIN handling. Policies still have to be enforced by the client.

Fixes https://github.com/trussed-dev/trussed-auth/issues/1

Open tasks:

• [x] Setup repository scaffolding (readme, gitignore, licenses, CI, ...)
• [x] Use upstream Trussed once extension support has landed
• [x] Add tests
  • Basic tests are implemented, more advanced tests missing.
• [x] Add documentation
• [x] API questions
  • [x] should CheckPin return an error or false?
  • [x] can we change blocked PINs with SetPin?
  • [x] what is the maximum PIN length? SHORT_DATA_LEN?
• [x] Implementation questions
  • [x] Use zeroize/secrecy/...?
  • Currently, secrecy cannot be used with serde in no-std environments.
  • [x] proper error types
  • [x] review of PIN handling
  • [x] how much space do we need for serialization
  • [x] FS layout → https://github.com/trussed-dev/trussed-auth/issues/9
  • [x] replace scrypt
  • scrypt is too slow for us. We probably have to use a manual implementation.

[sosthene-nitrokey]

I've implemented a second PIN type that wraps a key using the PIN in https://github.com/sosthene-nitrokey/trussed-auth/tree/ext-encryption, based on top of this PR.

[robin-nitrokey]

I’ve changed it to use <client>/backend/auth/pin/<id>. Let’s merge it like this. We can still change the paths before we release.