
smartcard: Rewrite to use p11-kit backend via Gck APIs

The smartcard plugin of g-c-c has been based on the NSS API; unfortunately this means that, in order to be able to fetch the PKCS#11 devices, the system must provide a shared NSS certificate database, which is not standard in most distributions outside the Fedora / RH world.

Also, this database has to be pre-filled with PKCS#11 libraries to get the available ones, not fully respecting the p11-kit modules standard (even though by default it now relies on a p11-kit-proxy library that de facto follows this).

Because of this, it's currently quite hard to get GDM smartcard authentication working with either pam-sss or pam-pkcs11 in most distros.

This was also introducing another level of abstraction, while using the p11-kit libs is nowadays preferred.

That said, it made sense to finally use some standard libraries so that smartcard devices supported by p11-kit can be handled without any further action.

While we could support multiple backends, it doesn't really make any sense at this point, and this can be done without breaking Fedora and friends; in fact:

  1. As said, distros using the NSS db were already getting devices from p11-kit via a proxy
  2. Fedora and RHEL rely on SSSD for the PAM authentication and this project completely dropped the NSS support [1], and only uses p11-kit and OpenSSL.

So this change will actually ensure that the smartcard support will continue working even on distros that are using a system NSS database.

Given that GNOME already has a library to abstract PKCS#11 devices, I preferred not to write yet another wrapper around it, and just rely on it as a light wrapper for the device, slot and token operations.

So we can remove quite a lot of initialization code, while some facilities that were provided by NSS (such as waiting for slot events) had to be reimplemented, following the same logic.

Fixes: #260 #673 #439 #702

[1] https://github.com/SSSD/sssd/commit/266ecc083d5

Edited by Marco Trevisan
