arm/trusted-firmware-m: set OpenSSL provider path

imgtool from mcuboot uses python3-cryptography-native, and the latest
python3-cryptography explicitly loads the legacy provider, which is a
separate shared object in OpenSSL 3.  The search path for providers is
hard-coded into the library so the wrong path is searched and the module
is not found.

Set OPENSSL_MODULES so the right path, so that the legacy module is
found.  In the future we may be able to be removed this if the explict
use of legacy algorithms is removed
(https://github.com/pyca/cryptography/issues/6809).

This also means we can remove the downgrades of python3-crytography that
were being carried in meta-arm.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.5.0.bb

@@ -97,6 +97,10 @@ LDFLAGS[unexport] = "1"
 AS[unexport] = "1"
 LD[unexport] = "1"
 
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
 # TF-M ships patches that it needs applied to mbedcrypto, so apply them
 # as part of do_patch.
 apply_local_patches() {