Remove parts of md, cipher and pk

[daverodgman]

As per #6792 (comment)

The high-level legacy crypto modules are gradually being replaced by PSA, but we'll probably keep them in 4.0 and remove them in 5.0. (The rule of thumb for API migration is: one major release to introduce the new API and deprecate the old one, and another major release to remove the old one.)

We don't have to keep all the features of md, cipher and pk, especially those that don't match well with PSA and aren't very useful.

• Remove ad hoc names of algorithms (mbedtls_md_info_from_string, etc.). They aren't used anywhere else in the library and don't follow any particular standards.
• Remove ccm.h and gcm.h as public interfaces, keeping only the cipher.h abstraction.
• Remove access to KW/KWP from cipher.h. It belongs differently from the others, and that has caused bugs in the past.
• Remove padding other than PKCS7 from cipher.h.

[mpg]

Remove access to KW/KWP from cipher.h. It belongs differently from the others, and that has caused bugs in the past.

In another discussion, @gilles-peskine-arm wrote:

There are features of cipher that are not provided through the PSA API, but that we want to keep in the library: XTS, NIST KW. If we remove cipher, we really need to provide them through PSA, and that's a nontrivial amount of work. We're still working on an API that would be suitable for NIST KW and I'm not convinced we'll ship that in 4.0.

IMO that's a rather strong argument for not removing NIST KW support from Cipher.

[gilles-peskine-arm]

We can leave mbedtls/nist_kw.h as the only interface to KW. But that means leaving that as a public API, which is not ideal either.

[gilles-peskine-arm]

Covered by #8450, #8451 and #8452.