…1658)

Such keys are still capable of encryption and signature verification.
This change is relevant for forward compatibility of v4 keys encrypted using e.g. argon2.

…e packet versions

Relevant for forward compatibility when verifying detached signatures
that include e.g. v4 and v6 packets

…re packet versions

These messages should still be decrypt-able if they include at least one
supported ESK packet.

Keys with such subkeys should still be usable, as long as they have
a supported primary key.

Fix forward compatibility of keys, SKESKs, and detached/cleartext signatures and ECDH.

Relevant for forward compatibility when:
- verifying **detached** or cleartext signatures that include e.g. v4 and v6 packets.
  Non-detached signatures are not affected.
- parsing messages with sym. encrypted session keys (SKESK) that rely on unsupported S2K types (e.g. argon2)
- parsing keys that include ECDH subkeys with unknown KDF params version
  (e.g. end-to-end encrypted forwarding use-case)

This addition is backwards compatible. We offer no way to generate v4 keys in the new format.

As specified in openpgp-crypto-refresh-09.

Instead of encoding the symmetric key algorithm in the PKESK ciphertext (requiring padding),
the symmetric key algorithm is left unencrypted.

Co-authored-by: Lukas Burkhalter <lukas.burkhalter@proton.ch>

Fail on PKESK parsing as well as session key generation and encryption

Following the addition of the new format for Montgomery curves,
which do not rely on OIDs.

SubtleCrypto not available in the latter due to stricter secure context checks

Add support for new Ed25519/X25519 keys, signatures and messages,
as per crypto-refresh document.