cryptocb: add AES proxy-key support and end-to-end CryptoCB AES-GCM tests

Add CryptoCB-based AES proxy-key support to enable Secure Element
offload without exposing raw AES key material to wolfCrypt.

This change introduces a new optional CryptoCB hook
(WOLF_CRYPTO_CB_AES_SETKEY) that allows AES keys to be imported into
external devices (e.g. Secure Elements or HSMs) and referenced via an
opaque handle stored in aes->devCtx. When this mode is active, wolfCrypt
stores only key metadata and routes AES-GCM operations through CryptoCB,
bypassing software key storage and GCM table generation.

Key points:
- Add wc_CryptoCb_AesSetKey() callback for AES key import
- Update AES SetKey paths to support proxy-key mode with graceful
  fallback to software when CryptoCB is unavailable
- Skip GCM H/M table generation when AES-GCM is handled by the device
- Preserve existing software AES behavior when devId is INVALID_DEVID

Testing:
- Add unit test for CryptoCB AES SetKey proxy-key behavior
- Add end-to-end AES-GCM offload unit test that verifies:
  * SetKey, Encrypt, Decrypt, and Free are routed via CryptoCB
  * Correct ciphertext/auth tag generation
  * Correct plaintext recovery after decrypt
  * Proper lifecycle handling of proxy-key handles
- Tests use a mock Secure Element that internally performs software AES
  to validate routing without requiring hardware

This enables dual-mode operation:
- Software AES for normal builds and testing
- Secure Element–backed AES for TLS and crypto offload use cases

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>

Author: sameehj