mbedtls: introduce PSA-specific Kconfig file

It is meant specifically for configuration of the PSA crypto library.

The underlying PSA configuration items are guarded by the condition
that a PSA crypto provider must be present, which is the case when
either TF-M is in use or MbedTLS's PSA core is built as part of
the application image.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

modules/mbedtls/Kconfig.tls-generic

@@ -494,8 +494,9 @@ config MBEDTLS_USE_PSA_CRYPTO
 
 config MBEDTLS_LMS
 	bool "Support LMS signature schemes"
-	depends on MBEDTLS_PSA_CRYPTO_C
+	depends on MBEDTLS_PSA_CRYPTO_CLIENT
 	depends on MBEDTLS_HASH_SHA256_ENABLED
+	select PSA_WANT_ALG_SHA_256
 
 config MBEDTLS_SSL_DTLS_CONNECTION_ID
 	bool "DTLS Connection ID extension"

modules/mbedtls/configs/config-tls-generic.h

@@ -35,7 +35,6 @@
 
 #if defined(CONFIG_MBEDTLS_LMS)
 #define MBEDTLS_LMS_C
-#define PSA_WANT_ALG_SHA_256 1
 #endif
 
 #if defined(CONFIG_MBEDTLS_HAVE_TIME_DATE)
@@ -486,6 +485,10 @@
 #define MBEDTLS_FS_IO
 #endif
 
+#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
+#define MBEDTLS_PSA_CRYPTO_CLIENT
 #endif
 
 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) && defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
@@ -496,18 +499,12 @@
 #define MBEDTLS_SSL_DTLS_CONNECTION_ID
 #endif
 
-/* User config file */
-
 #if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)
 #include CONFIG_MBEDTLS_USER_CONFIG_FILE
 #endif
 
 #if defined(CONFIG_BUILD_WITH_TFM)
 #undef MBEDTLS_PSA_CRYPTO_C
-#endif /* CONFIG_BUILD_WITH_TFM */
-
-#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
 #endif
 
 #if defined(CONFIG_PSA_WANT_ALG_SHA_256)