Use PSA for ECDSA signature generation in PK

[mpg]

In library/pk_wrap.c, re-implement the existing wrapper ecdsa_sign_wrap to use psa_sign_message() instead of mbedtls_rsa_pkcs1_sign().

This will require creating a temporary PSA private key with appropriate permissions. An example of something similar, but with a public key, can be found in ecdsa_verify_wrap() in the same file (note: there are currently two definitions of ecdsa_very_wrap(), we want to look at the one that uses PSA).

This also requires transcoding the resulting signature, as PSA encodes it differently from what the current PK API promises (which is what TLS and X.509 want). There's already a function for that: pk_ecdsa_sig_asn1_from_psa(), currently used by pk_opaque_sign_wrap().

The resulting wrapper will most likely look like a mix of the existing (PSA-based) ecdsa_very_wrap() (management of the temporary key) and pk_opaque_sign_wrap() (transcoding of the signature and or parameters / error codes).

Depends on: #5156 (to be able to use PSA without #ifdefs).