Support "TSS2 PRIVATE KEY" PEM files

Open dwmw2 opened this issue 1 year ago • 0 comments

https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html describes a (de facto, for now) standard for PEM files containing TPMv2-wrapped keys.

It is supported by both the IBM and TCG OpenSSL ENGINEs/providers, as well as GnuTLS and OpenConnect.

Users have a PEM file which contains the TPM-wrapped key, and should be able to pass that to any application in place of a simple file-based key... and expect it to Just Work.

There is C code for the interesting parts in https://gitlab.com/openconnect/openconnect/-/blob/v9.12/gnutls_tpm2.c which I'm happy to relicense, but my Go is weak.

dwmw2, Jun 12 '23 08:06
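How a key loader could recognise such a file, as an added Go example that is not part of the issue or of go-tpm-tools: it dispatches on the PEM label and reads only the leading type OID of the DER body. The function and variable names are hypothetical, and the OID values are taken to be the ones the linked draft assigns (an assumption, since the issue does not list them).

```go
package main

import (
	"encoding/asn1"
	"encoding/pem"
	"errors"
	"fmt"
)

// Key type OIDs, assumed to match the draft's TPMKey "type" field.
var tpmKeyTypes = map[string]string{
	"2.23.133.10.1.3": "tpm2-loadable",
	"2.23.133.10.1.4": "tpm2-importable",
	"2.23.133.10.1.5": "tpm2-sealed",
}

// ClassifyKeyPEM tells a loader whether the first PEM block is TPM-wrapped.
func ClassifyKeyPEM(data []byte) (string, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return "", errors.New("no PEM block found")
	}
	if block.Type != "TSS2 PRIVATE KEY" {
		return "file-based: " + block.Type, nil // leave to the ordinary key path
	}
	var outer asn1.RawValue
	rest, err := asn1.Unmarshal(block.Bytes, &outer)
	if err != nil || len(rest) != 0 || outer.Tag != asn1.TagSequence || !outer.IsCompound {
		return "", errors.New("TSS2 body is not a single DER SEQUENCE")
	}
	var oid asn1.ObjectIdentifier // first element; optional fields after it are not read
	if _, err := asn1.Unmarshal(outer.Bytes, &oid); err != nil {
		return "", fmt.Errorf("TSS2 body does not start with a type OID: %w", err)
	}
	if kind, ok := tpmKeyTypes[oid.String()]; ok {
		return kind, nil
	}
	return "", fmt.Errorf("unknown TPM key type OID %v", oid)
}

// constructedSample builds a placeholder PEM with dummy blobs (not a real key).
func constructedSample() []byte {
	der, _ := asn1.Marshal(struct {
		Type      asn1.ObjectIdentifier
		Parent    int
		Pub, Priv []byte
	}{asn1.ObjectIdentifier{2, 23, 133, 10, 1, 3}, 0x40000001, []byte("pub"), []byte("priv")})
	return pem.EncodeToMemory(&pem.Block{Type: "TSS2 PRIVATE KEY", Bytes: der})
}

func main() { fmt.Println(ClassifyKeyPEM(constructedSample())) }
```

A result other than `file-based: ...` means the private blob has to be loaded into a TPM before it can sign; the key material never appears in the file in usable form.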