x/crypto/openpgp: Support PKCS#11 keys for signing #15870
Description
As the current interface requires the existence of the actual private key in memory for a number of operations a PKCS#11 key (i.e. from letsencrypt/pkcs11key) cannot be used for signing.
It seems like the simplest way to do this would be to allow Signature.PrivateKey.PrivateKey to also be a crypto.Signer (in this switch, but testing the type of priv.PrivateKey instead of priv.PubKeyAlgo) and if present attempt to sign using its Signer.Sign method and parse the resulting signature based on the Signer.PublicKey. As far as I can tell this would be the easiest diff, there is a much more complicated one that completely replaces Signature.PrivateKey.PrivateKey with a crypto.Signer but that would require changing quite a few of the interfaces.
cc @agl for thoughts, if the first idea makes sense I'm happy to work on a CL for it.