
Better error handling when destroying a key in a secure element #215

Closed as not planned
@gilles-peskine-arm

Description


Consider psa_destroy_key on a key which is located in a secure element. The normal process is:

  1. Create a transaction file.
  2. Call the driver to destroy the key in the secure element.
  3. Destroy the key metadata in internal storage.
  4. Remove the transaction file.

If an error occurs, we normally do as much as we can anyway. But if creating the transaction file fails, we do nothing. This is undesirable because psa_destroy_key should make the best effort to destroy all key material.

In particular, it's currently impossible to destroy a key if the storage is full, because creating the transaction file fails.

Issue request type

[ ] Question
[x] Enhancement
[ ] Bug
