ECDSA keys can be generated an order of magnitude faster than RSA keys.
This commit adds an implementation for ECDSA, and adds parameters to
CA.__init__, CA.issue_certificate and CA.create_child_ca. The default is
ECDSA, given that OpenSSL and browsers support this for at least 10
years. This also adds an option to the cli to switch between RSA and ECDSA.

The basic test and the SSL server test have been parametrized over both
types of keys. This ensures that RSA support is not accidentally broken,
while keeping most of the tests fast.

Cryptography provides types since version 3.4.4 and the relevant
interfaces have been typed since version 35.0.0

This would be a breaking change and it makes codecov happier. This could
be reintroduced in the future using a larger set of allowed keys, for
example using
cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes.

There doesn't seem to be a way to tell coverage to ignore the the case
when nothing matches in a if-elif group.