modules: tf-m: support MCUboot signature types other than RSA-3072

With TF-M updated to 2.1.0 it now makes the signature type default
to EC-P256 for the mps2/an521/cpu0/ns board.
So far Zephyr had only supported and assumed that it was RSA-3072.

This brings support for other signature types, and changes the global
default to EC-P256.
The switch from RSA-3072 to EC-P256 reduces the flash usage by ~3.3KB
while having a negligible impact on RAM usage (increase of ~70 bytes)
when compiling the tfm_psa_test sample on mps2/an521/cpu0/ns and
nrf9160dk/nrf9160/ns without explicit optimizations.

The TFM_KEY_FILE_{S,NS} Kconfig options are moved inside an
`if TFM_BL2` as they are only used if MCUboot is included in TF-M.

The TF-M CMake variables MCUBOOT_KEY_{S,NS} are now set so that it's
possible to use signing keys located elsewhere than the default
location.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

doc/releases/migration-guide-3.7.rst

@@ -96,6 +96,14 @@ MbedTLS
 MCUboot
 =======
 
+Trusted Firmware-M
+==================
+
+* The default MCUboot signature type has been changed from RSA-3072 to EC-P256.
+  This affects builds that have MCUboot enabled in TF-M (:kconfig:option:`CONFIG_TFM_BL2`).
+  If you wish to keep using RSA-3072, you need to set :kconfig:option:`CONFIG_TFM_MCUBOOT_SIGNATURE_TYPE`
+  to `"RSA-3072"`. Otherwise, make sure to have your own signing keys of the signature type in use.
+
 zcbor
 =====
 

doc/releases/release-notes-3.7.rst

@@ -427,6 +427,10 @@ Trusted Firmware-M
 * TF-M was updated to 2.1.0. Release notes can be found at:
   https://tf-m-user-guide.trustedfirmware.org/releases/2.1.0.html
 
+* Support for MCUboot signature types other than RSA-3072 has been added.
+  The type can be chosen with the :kconfig:option:`CONFIG_TFM_MCUBOOT_SIGNATURE_TYPE` Kconfig option.
+  Using EC-P256, the new default, reduces flash usage by several KBs compared to RSA.
+
 zcbor
 *****