Add support for deterministic signatures

[jschlyter]

First cut at support for deterministic signatures, feedback requested.

[pspacek]

FTR Knot DNS does that by default, and we plan on doing so in BIND if OpenSSL version is new enough: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9128

[rthalley]

I also just consulted some cryptographers and so far everyone prefers deterministic due to risks from problems and even biases in random number generators, so I'm willing to go with "default on" at this point.

[jschlyter]

Should we call this option reproducible_signing (as in Knot), deterministic or deterministic_signing?

[rthalley]

Should we call this option reproducible_signing (as in Knot), deterministic or deterministic_signing?

I don't feel super strongly, but my preference is "deterministic" as that's what the RFC and crypto experts seem to call it, and omitting "_signing" because it's a parameter to the sign() function

[jschlyter]

Type check error fixed in #1105

[rthalley]

Can you rebase off of the current main and then re-run tests? In addition to the thing which made the CI fail, which may be fixed by 1105, I still saw an instance of deterministic_signing = signing that was making checking unhappy.

[jschlyter]

Can you rebase off of the current main and then re-run tests? In addition to the thing which made the CI fail, which may be fixed by 1105, I still saw an instance of deterministic_signing = signing that was making checking unhappy.

All tests succeeds here now.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.86%. Comparing base (1532bff) to head (9a361d9).

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1104   +/-   ##
=======================================
  Coverage   93.86%   93.86%           
=======================================
  Files         144      144           
  Lines       13404    13408    +4     
  Branches     2611     2611           
=======================================
+ Hits        12581    12586    +5     
  Misses        486      486           
+ Partials      337      336    -1     

Flag	Coverage Δ
unittests	93.82% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rthalley]

Merged, thanks!