
Add support for generating RSA PKCS#1 signatures using SHA-1

Open briansmith opened this issue 2 years ago • 1 comments

Currently we have RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY for verifying signatures that use SHA-1 (and weak keys).

However, we don't expose the ability to produce such signatures. Some ring users need to support existing protocols where SHA-1 signatures are (unfortunately) negotiated. For example, in many common OpenSSH deployments, the client and server will work together to negotiate SHA-1 instead of a stronger digest algorithm.

In the code we have this:

```rust
rsa_pkcs1_padding!(
    pub(in super::super) RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY,
    &digest::SHA1_FOR_LEGACY_USE_ONLY,
    &SHA1_PKCS1_DIGESTINFO_PREFIX,
    "PKCS#1 1.5 padding using SHA-1 for RSA signatures."
);
```

Compare this to others:

```rust
rsa_pkcs1_padding!(
    pub RSA_PKCS1_SHA256,
    &digest::SHA256,
    &SHA256_PKCS1_DIGESTINFO_PREFIX,
    "PKCS#1 1.5 padding using SHA-256 for RSA signatures."
);
```

It seems like we "just" need to change the visibility of this and a few other declarations, and add some tests.

briansmith, Mar 28 '22 23:03

I updated the description to indicate the intended scope: Add support for generating PKCS#1 SHA-1 signatures, only. I'm not intending to add support for PSS or OAEP using SHA-1 at this time, though I am also not ruling out ever adding support, if we find a need.

briansmith, Mar 28 '22 23:03