[release/9.0-rc1] Make SafeEvpPKeyHandle.OpenKeyFromProvider throw PNSE on OSSL less than 3.0

[github-actions]

Backport of #106397 to release/9.0-rc1 (There is also identical opened against release/9.0 - only one should be merged depending on how/if this gets approved)

/cc @krwq

Customer Impact

• Customer reported
• Found internally

Improves error message and exception type from CryptographicException with cryptic message to PlatformNotSupportedException with actionable error message when feature is not available when running against OpenSSL <= 1.1.1. Feature was introduced in Preview 7.

Additionally it fixes test failures when running manual tests against OpenSSL 1.1.1 when feature is not available.
This isn't particularly blocking for customers but it does improve user experience when running against low versions of OpenSSL. Changing this in just .NET 10 would change exception type and be potentially breaking.

Regression

• Yes
• No (new feature added in preview 7)

Testing

Testing against different versions of OpenSSL - change adds a test case but it's not currently exercised in CIs which runs only against OpenSSL >= 3.0

Risk

Low. This only adds a single out bool flag in the native and interop layer which allows for proper feature detection and throwing better exception message. The remainder of the change improves test coverage and fixes test issues when running against OpenSSL 1.1.1 (some tests require specific setup with TPM so are not running against CI, some other are automated).

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

[krwq]

Closed since RC1 is closed and this is non-blocking