mbedtls: add new PSA_CRYPTO_CLIENT config

Using MBEDTLS_PSA_CRYPTO_CLIENT to guard all PSA_WANT symbols is
not completely correct because:

1. the prefix MBEDTLS suggests that it's something related to
   MbedTLS, while actually PSA APIs can be provided also
   by other implementations (ex: TFM)

2. there might be applications which are willing to use PSA APIs
   without using MbedTLS at all. For example computing a hash
   can be as simple as writing psa_hash_compute() and, if the
   PSA function is provided through TFM, then MbedTLS is not
   required at all

Therefore this commit:

- moves MBEDTLS_PSA_CRYPTO_CLIENT to Kconfig.tls-generic since
  that symbol belongs to MbedTLS

- adds a new symbol named PSA_CRYPTO_CLIENT as a generic way
  to state that there is "some" PSA crypto API provider

- lets MBEDTLS_PSA_CRYPTO_CLIENT automatically select
  PSA_CRYPTO_CLIENT, since the former is an implementation of
  the latter.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Valerio Setti 2024-05-13 14:35:37 +02:00 committed by Anas Nashif
commit 12ff947568
4 changed files with 19 additions and 10 deletions


@ -5,12 +5,13 @@
# from: ../../../modules/crypto/mbedtls/include/psa/crypto_config.h.
# Do not edit it manually.
config MBEDTLS_PSA_CRYPTO_CLIENT
config PSA_CRYPTO_CLIENT
bool
default y
depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C
help
Promptless symbol to state that there is a PSA crypto API provider
enabled in the system. This allows to select desired PSA_WANT features.
if MBEDTLS_PSA_CRYPTO_CLIENT
if PSA_CRYPTO_CLIENT
config PSA_CRYPTO_ENABLE_ALL
bool "All PSA crypto features"
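Review bot: the `depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C` line on the new PSA_CRYPTO_CLIENT symbol hard-codes the two known providers, so the symbol that is meant to say "some" PSA crypto provider exists still has to be edited whenever another provider is added. Consider making it a plain promptless bool without `depends on` and `default y`, and letting each provider select it. The help text would also read better as "This allows selecting the desired PSA_WANT features."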
@ -351,4 +352,4 @@ config PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
bool "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE" if !MBEDTLS_PROMPTLESS
default y if PSA_CRYPTO_ENABLE_ALL
endif # MBEDTLS_PSA_CRYPTO_CLIENT
endif # PSA_CRYPTO_CLIENT
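Review bot: the context line `bool "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE" if !MBEDTLS_PROMPTLESS` shows that prompts inside the now-generic `if PSA_CRYPTO_CLIENT` block are still keyed on an MBEDTLS-prefixed symbol. If this block is meant to serve builds that use PSA without MbedTLS, it is worth documenting, or following up on, what MBEDTLS_PROMPTLESS means for those builds.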


@ -493,6 +493,12 @@ config MBEDTLS_USE_PSA_CRYPTO
Use PSA APIs instead of legacy MbedTLS functions in TLS/DTLS and other
"intermediate" modules such as PK, MD and Cipher.
config MBEDTLS_PSA_CRYPTO_CLIENT
bool
default y
depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C
select PSA_CRYPTO_CLIENT
config MBEDTLS_LMS
bool "Support LMS signature schemes"
depends on MBEDTLS_PSA_CRYPTO_CLIENT
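Review bot: the relocated MBEDTLS_PSA_CRYPTO_CLIENT entry has no help text, and its `select PSA_CRYPTO_CLIENT` looks redundant as written: both symbols carry the same `depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C` and `default y`, so PSA_CRYPTO_CLIENT is already enabled whenever this one is. Either add a short help entry that explains the relationship between the two symbols, or keep only one of the two mechanisms (the select here, or the default on the generic symbol).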


@ -25,18 +25,19 @@ KCONFIG_HEADER="""\
# from: {}.
# Do not edit it manually.
config MBEDTLS_PSA_CRYPTO_CLIENT
config PSA_CRYPTO_CLIENT
bool
default y
depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C
help
Promptless symbol to state that there is a PSA crypto API provider
enabled in the system. This allows to select desired PSA_WANT features.
if MBEDTLS_PSA_CRYPTO_CLIENT
if PSA_CRYPTO_CLIENT
config PSA_CRYPTO_ENABLE_ALL
bool "All PSA crypto features"
""".format(os.path.basename(__file__), INPUT_REL_PATH)
KCONFIG_FOOTER="\nendif # MBEDTLS_PSA_CRYPTO_CLIENT\n"
KCONFIG_FOOTER="\nendif # PSA_CRYPTO_CLIENT\n"
H_HEADER="""\
/*
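Review bot: the symbol name appears as a literal in three places in the generator (`config PSA_CRYPTO_CLIENT` and `if PSA_CRYPTO_CLIENT` in KCONFIG_HEADER, plus the `endif` comment in KCONFIG_FOOTER), and all three had to be edited by hand for this rename. A single module-level constant interpolated into both strings would keep the header and footer from drifting apart. The assignments could also use spaces around `=` (for example `KCONFIG_FOOTER = ...`) to follow PEP 8.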