HSM support
The HSM adds additional physical security protecting private keys used for signing and encryption.
It is now possible to store private keys in a HSM.
Currently PhenixID server support using HSM when signing SAML messages and issuing One Touch certificates.
References implementation is SOFT HSM, https://www.opendnssec.org/softhsm/.