Open
Description
Is your feature request related to a problem? Please describe.
Currently the `tedge cert create` command cannot be used if the key should be stored in a PKCS11 compatible HSM. This makes it more difficult for users to get started when using a PKCS11 compliant HSM.
Describe the solution you'd like
The following should be supported
- Add a new command, `tedge cert create-key`, which should support creating a private key (which is not exportable). The command should do this by sending a command to the tedge-p11-server via the configured socket. Ideally the algorithm should also be configurable, though we could make the algorithm configurable at a later point in time. Invoking the command should also initialize the HSM slot if necessary (though this has some limitations, e.g. I believe softhsm2 must be initialised using its own tooling)
- Integrate the key and CSR generation into the `tedge cert download c8y` command (used to register devices via the Cumulocity Certificate Authority Feature)
Describe alternatives you've considered
Additional context