dynamic keyid assignment

[flihp]

The keyspec provided as input to the hsm generate command includes an id value that uniquely identifies the key in the HSM. If the id value from the keyspec is already in use by the HSM then the command will fail / refuse to create the key. We currently manage this by carefully selecting id values but it's still a bit of a pitfall. The HSM can / will dynamically assign ids for us though https://docs.yubico.com/hardware/yubihsm-2/hsm-2-user-guide/hsm2-cmd-reference.html#id178 and we should use this feature to generate key ids for us.

This seems pretty straight forward at first glance will require that we:

• make the KeySpec.id field an Option<Id>
• when we hsm generate a key we must catch the Id produced by the HSM and set it in the KeySpec before persisting it in the ca-state
• ensure that this field is Some when other commands use a KeySpec that should / must have an Id