PSA always enabled in 4.0

[daverodgman]

• MBEDTLS_USE_PSA_CRYPTO must be removed from mbedtls_config.h. The library must behave as if it was always enabled.
• For supported cases, at least one of MBEDTLS_PSA_CRYPTO_C / MBEDTLS_PSA_CRYPTO_CLIENT must be always enabled. Disabling both would be needed for people who want an alternative PSA impl (this would not be a supported/validated case)
• MBEDTLS_PSA_CRYPTO_CONFIG must be removed, and treated as always-enabled.
• Identify dead code (ie code guarded by #if !defined that can never be built). Create tasks to remove this code.
• Optionally, remove some/all of the dead code identified in the previous step

[daverodgman]

See #5156 for earlier discussion on this

[mpg]

I think we also want to identify test code that becomes redundant. For example, a lot of things are tested both with and without USE_PSA_CRYPTO, quite a few things tested with PSA_CRYPTO_C disabled, etc.

My gut feeling is that this task is larger than M - it's the kind of thing that looks easy on paper but where you tend to run into surprises. So, I'd be inclined to split it into smaller tasks - I think the first three items could be one task each.

Also, I agree with leaving some parts (remove dead code) to follow-up tasks but I'd strongly advise we address those tasks ASAP. One of the expected benefits of this work is to make maintenance easier, and we don't fully get that while there's still a lot of dead code around.