Add experimental storage API module (KeyStore, AccessPolicy, KeyAttributes)

[ariawisp]

Summary

• Introduces a new, fully additive module cryptography-storage that defines a provider-agnostic, experimental key storage API. The API enables generation, retrieval, existence checks, and deletion of persistent, non-extractable keys under binary-safe labels, with access controls abstracted via AccessPolicy.

What’s included

• New module: cryptography-storage
  • @ExperimentalKeyStorageApi opt-in annotation
  • AccessPolicy, Accessibility, DeviceBinding
  • KeyAttributes (extractable, persistent, label)
  • Handle<Public, Private>
  • AsymmetricStore<Public, Private> and SymmetricStore<Key>
  • KeyStore entry with typed stores:
    • ECDSA: ecdsa(curve: EC.Curve = EC.Curve.P256)
    • RSA: rsaPss(...), rsaPkcs1(...), rsaOaep(...)
    • AES: aesGcm(...), aesCbc(...), aesCtr(...)
    • Note: AES-ECB is intentionally excluded due to DelicateCryptographyApi.
• KDocs across new APIs to clarify intent and usage.
• Tests: StorageApiSmokeTest exercising CRUD semantics using test-only in-memory stores.
• Build integration:
  • Added to settings.gradle.kts and build-logic/ckbuild/Projects.kt.
  • ABI baselines generated under cryptography-storage/api/.

Design notes

• All APIs are marked @ExperimentalKeyStorageApi (opt-in) to allow iteration.
• Binary-safe labels (ByteArray) to accommodate provider-specific aliasing needs.
• Non-extractable private key semantics are expected and enforced by providers; only public key export should be allowed by implementations.
• The storage API composes with existing algorithm types (ECDSA/RSA/AES) without changing them.
• Module is additive; no changes to existing providers or public APIs elsewhere.

Out of scope (follow-ups)

• PR: Apple Keychain-backed KeyStore mapping AccessPolicy → Security.framework (RSA/AES/ECDSA P‑256) with macOS tests.
• PR: Apple Ed25519 support (feature-flagged) aligning with platform capabilities and upcoming core EdDSA APIs.
• Cross-provider listings, certificate/attestation flows, and per-operation auth contexts.

Testing & CI

• New tests are platform-agnostic and run as part of module tests.
• No provider/platform-specific requirements introduced in this PR.

Docs

• KDocs explain semantics and how to opt-in to experimental APIs.

Risk & compatibility

• No breaking changes; fully additive.
• Experimental opt-in mitigates API stability concerns.

Checklist

• Builds across all targets
• API baselines added
• Tests added and passing
• Module wired into settings and build logic

Notes for reviewers

• This module provides a minimal, focused API surface for key storage without provider implementations. Provider work (Apple Keychain) follows in a separate PR after this lands.

Related issues

• Relates-to: Key and certificates management and storage #19 (Key and certificates management and storage)
  • This PR introduces the provider-agnostic storage API surface (KeyStore, stores, AccessPolicy) that providers like JDK KeyStore, Apple Keychain, and Secure Enclave can implement. Concrete Apple Keychain support will arrive in a follow-up PR.
• Relates-to: Architecture surrounding keys #63 (Architecture surrounding keys)
  • This PR establishes cross-cutting KeyAttributes and handle composition. Common key supertypes (AsymmetricPublicKey, AsymmetricPrivateKey.publicKey(), SecretKey) are intentionally out of scope here and proposed as a separate experimental PR to avoid coupling and keep this change additive.