[23.10 FEAT] Upgrade openCryptoki to latest version (3.21.0)

Bug #2026732 reported by bugproxy
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Ubuntu on IBM z Systems | Fix Released | Medium | Skipper Bug Screeners | |
| opencryptoki (Ubuntu) | Fix Released | High | Frank Heimes | |

Bug Description

Update openCryptoki to latest version.

Available from https://github.com/opencryptoki/opencryptoki/releases

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-202896 severity-high targetmilestone-inin2310
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-07-10 10:04 EDT-------
Please upgrade to openCryptoki v3.21.0 for Mantic.

There are/will be some additional fixes on top of v3.21.0 which might be worth picking, to not run into problems that have already been fixed.
==> We will provide the commit IDs for the additional patches in time prior to FF.

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-07-17 05:54 EDT-------
Currently the following fixes / commits provided by Ingo should be picked on top of v3.21.0:

https://github.com/opencryptoki/opencryptoki/commit/eeed5b5ef4cd41560be0d889032fb22b1bc8ab92 "common: Correctly set default attributes for certificates"
https://github.com/opencryptoki/opencryptoki/commit/43a4dc59a574bf056e6eeb96503d404e47e3d3d5 "p11sak: Fix user confirmation prompt behavior when stdin is closed"
https://github.com/opencryptoki/opencryptoki/commit/bd40bb884a6ff23b42a48237f74eb0df4d1daec1 "pkcsstats: Fix handling of user name"
https://github.com/opencryptoki/opencryptoki/commit/f71f3d2515f71c2c2031fbcdd10cbdaddc7b21cd "p11sak: fix length handling when importing and exporting an EC public key"
https://github.com/opencryptoki/opencryptoki/commit/92999f344a3ad99a67a1bcfd9ad28f28c33e51bc "p11sak: Fix listing of key objects when other object types are present"
https://github.com/opencryptoki/opencryptoki/commit/2ba0f41ef5e14d4b509c8854e27cf98e3ee89445 "p11sak: Fix parsing of slot number 0"

In case we have additional fixes before FF, we will update / comment accordingly.

Frank Heimes (fheimes)
affects: linux (Ubuntu) → opencryptoki (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in opencryptoki (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → Medium
Frank Heimes (fheimes) wrote :

I've created a test build here:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2026732
and I'm attaching the debdiff.
(still w/o LP#2025924)

Changed in ubuntu-z-systems:
status: New → Confirmed
Changed in opencryptoki (Ubuntu):
status: New → Confirmed
Frank Heimes (fheimes)
Changed in opencryptoki (Ubuntu):
status: Confirmed → In Progress
Changed in ubuntu-z-systems:
status: Confirmed → In Progress
Changed in opencryptoki (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes)
information type: Private → Public
tags: added: patch
Frank Heimes (fheimes) wrote :

I've updated the packaging slightly, incl. wrap-and-sort run (thx to schopin for the review) and uploading an updated debdiff here.
Also built and tested this package (functional as well as install and upgrade tests).

Uploading now ...

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opencryptoki - 3.21.0+dfsg-0ubuntu1

---------------
opencryptoki (3.21.0+dfsg-0ubuntu1) mantic; urgency=medium

  * New upstream release (LP: #2026732), incl. support for:
    - concurrent MK rotation for ep11 token (LP: #2025917)
    - concurrent MK rotation for cca token (LP: #2025926)
    - cca token: protected key support (LP: #2025923)
    - pkcsslotd hardening (LP: #2025922)
    Required modifications:
    - add libcap-dev to Build-Depends
    - adjust and refresh d/p/01-disable-testcases.patch due to changed context
    - adjust and refresh d/p/04-pkcsslotd-cmdline-args.patch due to changed
      context and fuzz
    - adjust, expand and refresh
      d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch
      due to changed context and changes around pkcsslotd, which req. folders
      added to d/opencryptoki.dirs and modifications in d/opencryptoki.postinst
      and d/opencryptoki.postrm to work properly.
    Fix selected issues on top of v3.21 and add:
    - d/p/lp-2026732-common-Correctly-set-default-attributes-for-certific.patch
    - d/p/lp-2026732-p11sak-Fix-user-confirmation-prompt-behavior-when-st.patch
    - d/p/lp-2026732-pkcsstats-Fix-handling-of-user-name.patch
    - d/p/lp-2026732-p11sak-fix-length-handling-when-importing-and-export.patch
    - d/p/lp-2026732-p11sak-Fix-listing-of-key-objects-when-other-object-.patch
    - d/p/lp-2026732-p11sak-Fix-parsing-of-slot-number-0.patch
  * According to LP: #2022088 comment #4, revert d/rules, d/triggers
    d/libopencryptoki0.{install,links} back, but do not instead add
    d/p/lp-2022088-fix-p11sak-failure-to-find-libopencryptoki.so.patch
    to fix 'failure that p11sak is not able to find libopencryptoki',
    since the p11sak code was refactored and changed significantly in v3.21.
    To fix this now expand d/p/03-dlopen-soname.patch with hunks for
    usr/sbin/p11sak/p11sak.h, usr/sbin/pkcshsm_mk_change/pkcshsm_mk_change.c,
    usr/sbin/pkcsstats/pkcsstats.c, testcases/common/common.c and
    testcases/policy/policytest.c
  * d/libopencryptoki0.links{.s390x} Merge files, since the content of the
    s390x version of this file applies to all platforms.
  * d/*: changes due to wrap-and-sort run

 -- Frank Heimes <email address hidden> Fri, 07 Jul 2023 12:15:35 +0200

Changed in opencryptoki (Ubuntu):
status: In Progress → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: In Progress → Fix Released