Proper recovery if creating a key in a secure element fails

[gilles-peskine-arm]

Description

When creating a key in a secure element, if the call to the secure element's create method succeeds, but an error happens later (e.g. saving the driver's persistent data to storage), the API function reports a failure, but the key remains in the secure element. This is a resource leak and can be a data leak (when importing a key).

There may be other key creation errors that are not handled properly. This should be reviewed and tested.

Issue request type

[ ] Question
[ ] Enhancement
[x] Bug

[ciarmcom]

Internal Jira reference: https://jira.arm.com/browse/IOTCRYPT-863

[gilles-peskine-arm]

This issue only concerns dynamically registered secure element drivers enabled with MBEDTLS_PSA_CRYPTO_SE_C, which are deprecated. We do not intend to do any further work on that feature, even bug fixes, unless we have reports of it being used in the wild.