Use python cryptography for DNSSEC

[simo5]

Replaces the need to use pycryptodome and ecpy with the much better python cryptography.

Python cryptograpy depends on the much more common and vetted openssl library for cryptography functions. This means algorithms are properly hardened against side channel attacks unlike other implementations.

Fixes #448

[bwelling]

This looks ok to me.

[pspacek]

What minimal version of python-cryptography is required? I would like to check if it is available in reasonably modern versions of Debian etc.

[abbra]

Buster (current stable Debian version) has 2.6.1 so it seems to be OK as this patch requires 2.6 in the specs already.

I tried Xenial (Ubuntu 16.04) and it only complained about ed25519 and ed448 imports. This is with python-cryptography 1.2.3. Both modules for this were added in 2.6 version of python-cryptography.

I think 2.6 is a reasonable requirement for elliptic curves. It is possible to split imports further and get the whole code supporting python-cryptography 1.2.3. I wonder if that is really needed.

[tiran]

Thanks @simo5

Nit pick: The upstream project is called PyCA cryptography or pyca/cryptography and not Python cryptography.

[pspacek]

Sounds good to me, I would not complicate matters just because of very old distributions. dnspython 2.0 is breaking release anyway. Thanks!

[pspacek]

@rthalley @bwelling Ok to merge?

[simo5]

@tiran while the "cryptography" project is under the PyCA organization in github, on pypi it is called just cryptography. I added the "python" prefix just to make clear it is the import called "cryptography" available in python.
But I will change it to anything if needed, just let me know.

[simo5]

Thanks @rthalley