s2n-tls

Add a security policy for RFC 9151

Open: goatgoose opened this issue 1 year ago • 0 comments

Problem:

RFC 9151 describes the Commercial National Security Algorithm (CNSA) specification which defines acceptable ECC curves and RSA parameters for TLS 1.2 and TLS 1.3 connections. We should add a new security policy that's compliant with this specification.

Solution:

The difficulty in adding a new policy for CNSA is the restriction on RSA key sizes:

[CNSA] specifies a minimum modulus size of 3072 bits; however, only two modulus sizes (3072 bits and 4096 bits) are supported by this profile.

It's currently possible to specify a list of permitted signature algorithms that can appear in received certificates from the peer, via the certificate_signature_preferences field. However, it's not currently possible to restrict the RSA key size of the public key in each received certificate. To allow for this behavior we will need new fields on the security policy for either the min/max key size, or a list of allowed key sizes.

goatgoose, Nov 16 '23 20:11
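The two options named in the issue's last paragraph (a min/max key size or a list of allowed key sizes), compared as an added example that is not s2n-tls code and not part of the issue; the struct, the function names and the constructed placeholder moduli are hypothetical. A 3072 to 4096 range still admits a 3584-bit key, which the profile text quoted in the issue does not support, while the explicit list rejects it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy fields for illustration; not s2n-tls structures. */
struct rsa_key_size_rule {
    uint32_t min_bits, max_bits;  /* option 1: inclusive range */
    const uint32_t *allowed_bits; /* option 2: explicit list, NULL if unused */
    size_t allowed_count;
};
static const uint32_t cnsa_sizes[] = { 3072, 4096 };
const struct rsa_key_size_rule range_rule = { 3072, 4096, NULL, 0 };
const struct rsa_key_size_rule list_rule = { 0, 0, cnsa_sizes, 2 };

/* Bit length of a big-endian modulus; leading zero bytes (DER sign byte) are skipped. */
uint32_t modulus_bits(const uint8_t *n, size_t len)
{
    while (len > 0 && *n == 0) { n++; len--; }
    if (len == 0) return 0;
    uint32_t bits = (uint32_t)(len * 8);
    for (uint8_t top = *n; (top & 0x80) == 0; top <<= 1) bits--;
    return bits;
}

bool rsa_key_size_ok(const struct rsa_key_size_rule *rule, uint32_t bits)
{
    if (rule->allowed_bits == NULL)
        return bits >= rule->min_bits && bits <= rule->max_bits;
    for (size_t i = 0; i < rule->allowed_count; i++)
        if (rule->allowed_bits[i] == bits) return true;
    return false;
}

/* Constructed placeholder modulus (not a real key): bits is a multiple of 8, max 4096. */
bool check_constructed_key(const struct rsa_key_size_rule *rule, uint32_t bits)
{
    uint8_t n[1 + 512] = { 0 };
    size_t len = 1 + bits / 8;
    if (bits == 0 || bits % 8 != 0 || len > sizeof(n)) return false;
    n[1] = 0x80; n[len - 1] |= 0x01; /* top bit set, odd low byte */
    return rsa_key_size_ok(rule, modulus_bits(n, len));
}

int main(void)
{
    const uint32_t sizes[] = { 2048, 3072, 3584, 4096 };
    for (size_t i = 0; i < 4; i++)
        printf("%u bits: range=%d list=%d\n", (unsigned)sizes[i],
               check_constructed_key(&range_rule, sizes[i]), check_constructed_key(&list_rule, sizes[i]));
    return 0;
}
```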