non-exportable NVM

[bigbrett]

• Add support for new "non-exportable" flag to NVM objects, keys, and certs
• Fixes unrelated tests to accommodate new feature

[Copilot]

Pull Request Overview

This PR adds support for a new "non-exportable" flag to NVM objects, keys, and certificates, preventing sensitive data from being read or exported. The implementation includes comprehensive access control checks across both regular and DMA operations.

• Adds whNvmFlags parameter to certificate storage APIs to support non-exportable certificates
• Implements access control enforcement in server-side handlers for NVM, keystore, and certificate operations
• Updates test cases to use WH_NVM_FLAGS_NONE instead of deprecated WH_NVM_FLAGS_ANY

Reviewed Changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
wolfhsm/wh_server_cert.h	Adds flags parameter to certificate addition API
wolfhsm/wh_message_cert.h	Updates message structures to include flags field
wolfhsm/wh_client.h	Updates client certificate APIs with flags support
test/wh_test_crypto.c	Adds comprehensive tests for non-exportable keystore functionality
test/wh_test_clientserver.c	Adds tests for non-exportable NVM access protection
test/wh_test_cert.c	Adds tests for non-exportable certificate functionality
src/wh_server_nvm.c	Implements non-exportable flag enforcement for NVM operations
src/wh_server_keystore.c	Implements non-exportable flag enforcement for key operations
src/wh_server_cert.c	Implements non-exportable flag enforcement for certificate operations
src/wh_message_cert.c	Updates message translation to handle flags field
src/wh_client_cert.c	Updates client certificate APIs to support flags
examples/demo/client/wh_demo_client_secboot.c	Updates to use proper flags value
examples/demo/client/wh_demo_client_nvm.c	Updates to use proper flags value