Add challenge-response method for KeepassXC support

[szszszsz]

Add support for KeepassXC through challenge-response method.

Tests: Nitrokey/pynitrokey#384
KeepassXC integration: keepassxreboot/keepassxc#9397
Does not contain PWS: #63 With PWS now.

Incompatible changes:

• runner should provide now via options the device's serial number

To discuss:

• Should returned version in the Status command be application or runner firmware version (to show up in KeepassXC, see linked PR)
• Regarding used PKCS#7 unpadding, extract to separate crate or use known good implementation
• Would unchecked get bring any performance improvement (in unpadding)

To do in the next PRs:

• Encode input verification logic into separate types; ( see Extend Credential structure with Password Safe field #63 (comment) as well)
• Set version up automatically during the build from the project version

To test later:

• Use touch protected HMAC secret slot

Fixes #61

[szszszsz]

@sosthene-nitrokey @robin-nitrokey ping

[sosthene-nitrokey]

Regarding PKCS#7 padding:

I don't think the current implementation is correct.
PKCS#7 padding is dataxxxx where x is the remaining length. If the last byte of data is also x it will also be unpadded, when it should be left.

I think we should instead use the block_padding crate from RustCrypto.

[szszszsz]

Yup, that's correct indeed - this is Yubikey's "PKCS#7 padding" version. To do:

• describe in detail in the code's comments the difference from the correct padding

Edit: I have noted that down in the Python tests, but here it would be nice to have it as well

[szszszsz]

I don't think the current implementation is correct. PKCS#7 padding is dataxxxx where x is the remaining length. If the last byte of data is also x it will also be unpadded, when it should be left.

We might need to support it bug-for-bug. If there are any other applications, they probably have it implemented like this anyway. To discuss.

I think we should instead use the block_padding crate from RustCrypto.

I suppose we can use it, once we take into account the non-standard PKCS#7 input, and correct it beforehand.

[szszszsz]

Review corrections were added in #71. Please verify briefly.
Merging this PR in.