
PyOpenSSL 26.0.0 required to fix CVE-2026-27459 #1112

@salv-orlando

Description

Describe the bug

sso.py uses crypto.sign which has been removed in pyOpenSSL 24.3.0.
Indeed pyproject.toml has a constraint on pyOpenSSL.
https://nvd.nist.gov/vuln/detail/CVE-2026-27459 has a CVSS3 score of 9.8.
To address it, pyOpenSSL must be upgraded to 26.0.0.
This is not possible until sso.py leverages OpenSSL.crypto.sign.

Replacing the call to sign with equivalent functions from cryptography should be relatively straightforward.

Reproduction steps

  1. Upgrade pyOpenSSL to 26.0.0
  2. Construct a pyVim.sso.SecurityTokenRequest object and call the sign_request method
  3. The following traceback is seen:

```
  File "/usr/lib/python3.14/site-packages/pyVim/sso.py", line 644, in sign_request
    self._signature_value = _sign(self._private_key,
                            ~~~~~^^^^^^^^^^^^^^^^^^^
                                  self._signed_info).decode(UTF_8)
                                  ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.14/site-packages/pyVim/sso.py", line 793, in _sign
    return base64.b64encode(crypto.sign(pkey, data.encode(UTF_8), digest))
                            ^^^^^^^^^^^
  File "/usr/lib/python3.14/site-packages/cryptography/utils.py", line 79, in __getattr__
    obj = getattr(self._module, attr)
AttributeError: module 'OpenSSL.crypto' has no attribute 'sign'
...
```

Expected behavior

Due to the score of this CVE, it should be possible to run pyVim with PyOpenSSL 26.0.0.

Additional context

No response
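The replacement the report calls for, as an added example that is not pyVim's code: a `_sign(pkey, data, digest)` helper with the same shape as the one in the traceback, implemented on the `cryptography` package that pyOpenSSL itself wraps. It assumes an RSA private key and PKCS#1 v1.5 padding (the padding `crypto.sign` applied to RSA keys, so the signature bytes produced are unchanged), accepts the digest as a name string the way `crypto.sign` did, and accepts either a cryptography key or a pyOpenSSL `PKey` via its still-present `to_cryptography_key()` method. The `SignedInfo` string in `demo()` is a constructed sample, and `_verify` is a companion check added here so the result can be tested offline.

```python
# Added example (not pyVim's code): a replacement for the removed
# OpenSSL.crypto.sign() call, built on the `cryptography` package.
# _sign() mirrors the (pkey, data, digest) signature seen in the traceback.
import base64

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

UTF_8 = "utf-8"

# Digest names crypto.sign() accepted as strings, mapped to cryptography classes.
_HASHES = {
    "sha1": hashes.SHA1,
    "sha256": hashes.SHA256,
    "sha384": hashes.SHA384,
    "sha512": hashes.SHA512,
}


def _as_cryptography_key(pkey):
    """Accept either a cryptography key or a pyOpenSSL PKey wrapper.

    PKey.to_cryptography_key() still exists in pyOpenSSL, so callers that
    loaded their key with OpenSSL.crypto.load_privatekey() keep working.
    """
    if hasattr(pkey, "to_cryptography_key"):
        return pkey.to_cryptography_key()
    return pkey


def _sign(pkey, data, digest):
    """Return the base64-encoded RSA signature of `data` (a str).

    crypto.sign() used PKCS#1 v1.5 padding for RSA keys (assumption stated in
    the lead-in), so the same padding is used to keep the output format intact.
    """
    key = _as_cryptography_key(pkey)
    if not isinstance(key, rsa.RSAPrivateKey):
        raise TypeError("this helper only supports RSA private keys")
    hash_alg = _HASHES[digest.lower()]()
    signature = key.sign(data.encode(UTF_8), padding.PKCS1v15(), hash_alg)
    return base64.b64encode(signature)


def _verify(public_key, data, digest, signature_b64):
    """Check a signature from _sign(); returns True/False instead of raising."""
    try:
        public_key.verify(
            base64.b64decode(signature_b64),
            data.encode(UTF_8),
            padding.PKCS1v15(),
            _HASHES[digest.lower()](),
        )
        return True
    except InvalidSignature:
        return False


def demo(digest="sha256"):
    """Generate a throwaway key, sign a constructed SignedInfo string, verify it.

    Returns (signature_b64, verified_ok, tampered_verifies).
    """
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    # Constructed stand-in for the canonicalised <ds:SignedInfo> sso.py signs.
    signed_info = "<ds:SignedInfo>constructed sample</ds:SignedInfo>"
    sig = _sign(key, signed_info, digest)
    ok = _verify(key.public_key(), signed_info, digest, sig)
    tampered = _verify(key.public_key(), signed_info + " ", digest, sig)
    return sig, ok, tampered


if __name__ == "__main__":
    sig, ok, tampered = demo()
    print(sig.decode(UTF_8)[:40] + "...", ok, tampered)
```

The `isinstance` guard is deliberate: if sso.py is ever handed a non-RSA key, failing loudly at signing time is preferable to silently producing a signature the SAML consumer will reject with a less informative error.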
