Key should expose pre hash algorithm

[jku]

This is after #456

There could be a optional Key.get_pre_hash_algorithm():

• would return the pre-signing content hash algorithm that should be used
• this would be useful for for signers that need to prehash (KMS and HSM I believe)
• this does not apply to all keys (e.g. "ed25519" is likely the non-prehashing variant)

[jku]

I suppose this could be an actual digest() API as well... so you could do something like

hasher = key.hasher() # this is like securesystemslib.hash.digest() except no argument needed 
hasher.update(data)
digest = hasher.digest()

but maybe securesystemslib shouldn't be trying to do all these things?

[lukpueh]

FYI: The HSMSigner API does not need pre-hashing. I only pre-hash in tests as workaround for SoftHSM's limited capabilities:

securesystemslib/tests/test_hsm_signer.py

Lines 22 to 37 in c4e3416

	_orig_sign = HSMSigner.sign
	def _sign(self, data):
	"""Wraps HSMSigner sign method for testing
	HSMSigner supports CKM_ECDSA_SHA256 and CKM_ECDSA_SHA384 mechanisms. But SoftHSM
	only supports CKM_ECDSA. For testing we patch the HSMSigner mechanism attribute and
	pre-hash the data.
	"""
	self._mechanism = PyKCS11.Mechanism( # pylint: disable=protected-access
	PyKCS11.CKM_ECDSA
	)
	hasher = digest(algorithm=f"sha{self.public_key.scheme[-3:]}")
	hasher.update(data)
	return _orig_sign(self, hasher.digest())

[jku]

oh interesting. If this is only needed by KMS, then we can hold off implementing anything public/generic

[jku]

I'll close this based on above comments