Default behavior changes
   * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
     to perform cryptographic operations, with a few exceptions documented
     in docs/use-psa-crypto.md. This corresponds to the behavior of
     Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. In effect,
     MBEDTLS_USE_PSA_CRYPTO is now always enabled.
   * psa_crypto_init() must be called before performing any cryptographic
     operation, including indirect requests such as parsing a key or
     certificate or starting a TLS handshake.