HSM support

The HSM adds additional physical security protecting private keys used for signing and encryption.

It is now possible to store private keys in a HSM.

Currently PhenixID server support using HSM when signing SAML messages and issuing One Touch certificates.

References implementation is SOFT HSM, https://www.opendnssec.org/softhsm/.