Update dependency rsa to v4

[renovate-bot]

This PR contains the following updates:

Package	Update	Change
rsa	major	>=3.1.4,<4.0 -> >=3.1.4,<4.1

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot. View repository job log here.

[tseaver]

@busunkim96 There is a signature change in rsa v4 which might be an issue:

- Added function `rsa.find_signature_hash()` to return the name of the hashing
  algorithm used to sign a message. `rsa.verify()` now also returns that name,
  instead of always returning `True`.

I don't know if anybody using this library will be affected.by having our _python_rsa.RSAVerifier.verify return a string rather than True.

[busunkim96]

@tseaver Is it sufficient to call that out in the next set of release notes? Or should I make a PR to modify that method?

[tseaver]

@busunkim96

Is it sufficient to call that out in the next set of release notes? Or should I make a PR to modify that method?

I'm not sure: google-cloud-python doesn't use RSAVerifier.verify directly. It seems safer to me to wrap the return value in bool().