Bluetooth SMP: added support for Legacy pairing (MITM) with passkey #16364

Merged
merged 1 commit into from
May 28, 2025

robertc2000

Summary

This PR introduces support for Legacy Bluetooth Pairing with Passkey Entry, specifically enabling the NuttX device to act in a "DisplayOnly" I/O capability role. This allows the device to pair with a peer (e.g., a smartphone) that has keyboard input capabilities, achieving Man-in-the-Middle (MITM) protection (Security Level 3 - BT_SECURITY_HIGH).

Impact

  • Enables legacy MITM-protected pairing for Bluetooth using "Passkey Entry", which enhances the security of Bluetooth connections compared to "Just Works" pairing. Thus, applications are now able to request and make use of BT_SECURITY_HIGH level.
  • Introduces a new authentication callback API (bt_smp_auth_cb_s) that applications must implement, for example if they wish to support Passkey display in a way other than a simple console log (e.g. via an LCD display).
  • Configuration: added a new configuration option to define the device's I/O capabilities. The user must select 'DeviceOnly' to enable MITM protection logic. By default, it is set to NoInput/NoOutput capabilities which means it will use the 'Just Works' method.
  • Core SMP Logic: pairing request/response handlers now select the pairing method based on mutual capabilities and determine/generate the Temporary Key (TK) accordingly (passkey-derived or zero for Just Works). The security level achieved during pairing is now stored with the connection and the derived keys. Other changes include refinement of security request handlers to integrate this feature and to accurately track key distribution.
  • GATT Access Control: attributes that require higher privileges can now be read/written only after the user has authenticated successfully. Permission flags such as BT_GATT_PERM_READ_AUTHEN or BT_GATT_PERM_WRITE_AUTHEN are now correctly enforced based on the achieved conn->sec_level.

Testing

  1. Setup

    • Used an ESP32 board as the NuttX device
    • Peer device: Android smartphone running nRF Connect for Mobile (as a Master device which attempts to connect and request bonding with the NuttX slave device)
  2. Test Cases Executed:

    • Successful Pairing (Peer Initiated):
      • nRF Connect connected to NuttX and initiated bonding.
      • NuttX correctly displayed the 6-digit passkey on its console.
      • The displayed passkey was entered into nRF Connect app on the phone.
      • Pairing completed successfully as shown by the logs on NuttX, and also by the Android app which displays successful bonding status.
    • Failed Pairing (Incorrect Passkey):
      • An incorrect passkey was entered into nRF Connect.
      • Pairing failed. NuttX rejected the request and no bonding was made.
    • Testing NoInputNoOutput:
      • While the first 2 tests focused on testing the MITM feature, this test verifies that if the device is configured with no IO capabilities (therefore MITM is not possible in this case), the stack defaults to negotiating with the peer to use the 'Just Works' method.
    • Testing GATT access controls:
      • Defined an attribute with BT_GATT_PERM_READ_AUTHEN (can be read only by authenticated users).
      • Failed to read it as an unauthenticated user.
      • Successfully read it as an authenticated user.
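
Added example, not code from this PR or from NuttX: a C sketch of the legacy-pairing flow the description above outlines, covering method selection from both sides' I/O capabilities, TK derivation, and the security-level check behind an authenticated-read permission. The `ex_`/`EX_`/`IO_` names, the permission flag value and the little-endian TK layout are assumptions made for the example; the selection rules follow the Bluetooth Core Specification's legacy pairing mapping, which covers more capability pairs than the DisplayOnly case in this PR.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMP IO capability codes from the Bluetooth Core Specification. */
enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY, IO_NO_IO, IO_KEYBOARD_DISPLAY };
/* Hypothetical names for this example; not the NuttX definitions. */
enum ex_method { EX_JUST_WORKS, EX_PASSKEY_DISPLAY, EX_PASSKEY_INPUT };
enum { EX_SEC_MEDIUM = 2, EX_SEC_HIGH = 3 }; /* LE security mode 1 levels */
#define EX_PERM_READ_AUTHEN 0x10             /* constructed flag value */
#define EX_ATT_ERR_AUTHENTICATION 0x05       /* ATT Insufficient Authentication */

static bool has_kbd(int io) { return io == IO_KEYBOARD_ONLY || io == IO_KEYBOARD_DISPLAY; }

/* Method seen by the local device; mitm = either side set the AuthReq MITM bit. */
enum ex_method ex_select_method(int local, int remote, bool mitm, bool initiator)
{
  if (!mitm || local == IO_NO_IO || remote == IO_NO_IO) return EX_JUST_WORKS;
  if (!has_kbd(local) && !has_kbd(remote)) return EX_JUST_WORKS; /* nobody can type */
  if (local == IO_KEYBOARD_ONLY) return EX_PASSKEY_INPUT;
  if (!has_kbd(local) || remote == IO_KEYBOARD_ONLY) return EX_PASSKEY_DISPLAY;
  if (remote == IO_KEYBOARD_DISPLAY) /* both can do either: initiator displays */
    return initiator ? EX_PASSKEY_DISPLAY : EX_PASSKEY_INPUT;
  return EX_PASSKEY_INPUT; /* local KeyboardDisplay, remote display-only */
}

/* TK is all zero for Just Works, otherwise the passkey as a 128-bit number
 * (stored little-endian here, an assumption about the buffer layout). */
void ex_make_tk(enum ex_method m, uint32_t passkey, uint8_t tk[16])
{
  memset(tk, 0, 16);
  if (m != EX_JUST_WORKS)
    for (int i = 0; i < 4; i++) tk[i] = (uint8_t)(passkey >> (8 * i));
}

/* Level recorded for the connection once pairing with method m succeeds. */
int ex_sec_level(enum ex_method m) { return m == EX_JUST_WORKS ? EX_SEC_MEDIUM : EX_SEC_HIGH; }

/* GATT read gate: 0 lets the read proceed, otherwise an ATT error code. */
uint8_t ex_check_read(uint8_t perm, int sec_level)
{
  return ((perm & EX_PERM_READ_AUTHEN) && sec_level < EX_SEC_HIGH) ? EX_ATT_ERR_AUTHENTICATION : 0;
}

int main(void)
{
  enum ex_method m = ex_select_method(IO_DISPLAY_ONLY, IO_KEYBOARD_DISPLAY, true, false);
  printf("method=%d read_err=0x%02x\n", m, (unsigned)ex_check_read(EX_PERM_READ_AUTHEN, ex_sec_level(m)));
  return 0;
}
```

A Just Works pairing still encrypts the link, but it only reaches the lower level, so the authenticated-read gate returns the ATT error until a passkey pairing has completed.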

@github-actions github-actions bot added Area: Bluetooth Size: L The size of the change in this PR is large labels May 13, 2025
@robertc2000
Author

Fixed all coding style checks! (though there is only 1 test failing, not sure why...)

Can I get another review, please?

@xiaoxiang781216
Contributor

@robertc2000 please fix the spelling error:

     1: .codespellrc
/home/runner/work/nuttx/nuttx/nuttx/wireless/bluetooth/bt_smp.c:166: pres ==> press
/home/runner/work/nuttx/nuttx/nuttx/wireless/bluetooth/bt_smp.c:494: pres ==> press
/home/runner/work/nuttx/nuttx/nuttx/wireless/bluetooth/bt_smp.c:504: pres ==> press
/home/runner/work/nuttx/nuttx/nuttx/wireless/bluetooth/bt_smp.c:504: pres ==> press
/home/runner/work/nuttx/nuttx/nuttx/wireless/bluetooth/bt_smp.c:506: pres ==> press
/home/runner/work/nuttx/nuttx/nuttx/wireless/bluetooth/bt_smp.c:511: pres ==> press

acassis
acassis previously approved these changes May 27, 2025
 #   1: .codespellrc
  #  /home/runner/work/nuttx/nuttx/nuttx/include/nuttx/uorb.h:307: afte ==> after
   # /home/runner/work/nuttx/nuttx/nuttx/include/nuttx/uorb.h:405: multipled ==> multiplied
    #/home/runner/work/nuttx/nuttx/nuttx/include/nuttx/uorb.h:416: multipled ==> multiplied
    #/home/runner/work/nuttx/nuttx/nuttx/include/nuttx/uorb.h:432: provies ==> provides, proves
    #/home/runner/work/nuttx/nuttx/nuttx/include/nuttx/uorb.h:1173: subcribers ==> subscribers
    #Error: Process completed with exit code 1.
@xiaoxiang781216 xiaoxiang781216 merged commit df058b4 into apache:master May 28, 2025
40 checks passed