
fix(ra-tls): stabilize derive_dh_secret encoding #603

Open

kvinwang wants to merge 1 commit into master from issue-553-stable-der

Conversation

@kvinwang
Collaborator

Fixes #553.

This changes derive_dh_secret so that the derived X25519 secret no longer depends on library-defined PKCS#8 encoding details.

Previously the function:

  • derived a P-256 key pair from the KMS root CA key using HKDF, then
  • computed SHA256(rcgen::KeyPair::serialized_der()) and used that as the X25519 private key material.

That approach made the derived secret fragile to changes in rcgen / pkcs8 (for example, adding or removing optional PKCS#8 fields could change the DER without changing the underlying key).

The new implementation:

  • decodes the root CA key from rcgen::KeyPair into a P-256 scalar,
  • derives the same 32-byte scalar via HKDF as before,
  • computes the corresponding P-256 public key, and
  • builds a fixed, Dstack-defined PKCS#8 PrivateKeyInfo for prime256v1, where only the 32-byte private key and the 65-byte uncompressed public key vary.

We then hash this fixed layout with SHA-256. The layout is chosen to exactly match the previous p256/pkcs8 output for P-256 keys, and a regression test (test_derive_dh_secret_compatible_with_previous_encoding) asserts that the new implementation produces the same output as the old rcgen::KeyPair::serialized_der()-based path.

As a result, updating rcgen or pkcs8 can no longer silently change the derived secret, while existing deployments keep using the same derived keys.
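As an added illustration (not code from this PR or from the Dstack repository), the following Rust builds the fixed prime256v1 PrivateKeyInfo layout the description above talks about, with only the 32-byte private scalar and the 65-byte uncompressed public point varying, plus a strict decoder that rejects any byte string deviating from that template. The byte template is my rendering of the standard PKCS#8 / RFC 5915 encoding that p256/pkcs8 emits for P-256 keys, not bytes copied from the PR; the sample key bytes in main are constructed and are not a valid curve point. The HKDF derivation and the final SHA-256 step are left out so the block needs no crates.

```rust
// Added example, not the PR's own code: fixed PKCS#8 PrivateKeyInfo layout for a
// prime256v1 key. Everything except the two key fields is a constant template.

/// Template bytes up to (but not including) the 32-byte private scalar.
const PREFIX_BEFORE_PRIVATE: [u8; 36] = [
    0x30, 0x81, 0x87, // SEQUENCE, 135 bytes (PrivateKeyInfo)
    0x02, 0x01, 0x00, // INTEGER 0 (PKCS#8 version)
    0x30, 0x13, // SEQUENCE, 19 bytes (AlgorithmIdentifier)
    0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, // OID 1.2.840.10045.2.1 (ecPublicKey)
    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, // OID 1.2.840.10045.3.1.7 (prime256v1)
    0x04, 0x6d, // OCTET STRING, 109 bytes (privateKey, wrapping ECPrivateKey)
    0x30, 0x6b, // SEQUENCE, 107 bytes (ECPrivateKey, RFC 5915)
    0x02, 0x01, 0x01, // INTEGER 1 (ECPrivateKey version)
    0x04, 0x20, // OCTET STRING, 32 bytes (the private scalar follows)
];

/// Template bytes between the private scalar and the public point.
const BETWEEN_PRIVATE_AND_PUBLIC: [u8; 5] = [
    0xa1, 0x44, // [1] EXPLICIT, 68 bytes (publicKey)
    0x03, 0x42, 0x00, // BIT STRING, 66 bytes, 0 unused bits (the 65-byte point follows)
];

/// Total length of the encoding: 36 + 32 + 5 + 65.
pub const PKCS8_P256_LEN: usize = 138;

/// Builds the fixed-layout PrivateKeyInfo. Only the two arguments influence the output.
pub fn encode_p256_private_key_info(
    private_scalar: &[u8; 32],
    public_point: &[u8; 65],
) -> Result<Vec<u8>, &'static str> {
    if public_point[0] != 0x04 {
        return Err("public key must be an uncompressed SEC1 point (0x04 || X || Y)");
    }
    let mut der = Vec::with_capacity(PKCS8_P256_LEN);
    der.extend_from_slice(&PREFIX_BEFORE_PRIVATE);
    der.extend_from_slice(private_scalar);
    der.extend_from_slice(&BETWEEN_PRIVATE_AND_PUBLIC);
    der.extend_from_slice(public_point);
    debug_assert_eq!(der.len(), PKCS8_P256_LEN);
    Ok(der)
}

/// Strict inverse: accepts only a byte string that matches the template exactly and
/// returns the two varying fields. Useful as the check in a compatibility test against
/// a library-produced encoding of the same key.
pub fn decode_p256_private_key_info(der: &[u8]) -> Result<([u8; 32], [u8; 65]), &'static str> {
    if der.len() != PKCS8_P256_LEN {
        return Err("unexpected PrivateKeyInfo length");
    }
    if der[..36] != PREFIX_BEFORE_PRIVATE {
        return Err("header does not match the fixed prime256v1 layout");
    }
    if der[68..73] != BETWEEN_PRIVATE_AND_PUBLIC {
        return Err("public key wrapper does not match the fixed layout");
    }
    let mut private_scalar = [0u8; 32];
    private_scalar.copy_from_slice(&der[36..68]);
    let mut public_point = [0u8; 65];
    public_point.copy_from_slice(&der[73..138]);
    if public_point[0] != 0x04 {
        return Err("embedded public key is not an uncompressed point");
    }
    Ok((private_scalar, public_point))
}

fn main() {
    // Constructed sample bytes: NOT a real key, used only to show the layout.
    let private_scalar = [0x11u8; 32];
    let mut public_point = [0x22u8; 65];
    public_point[0] = 0x04;

    let der = encode_p256_private_key_info(&private_scalar, &public_point).unwrap();
    println!("PrivateKeyInfo is {} bytes", der.len());
    for chunk in der.chunks(16) {
        let hex: Vec<String> = chunk.iter().map(|b| format!("{b:02x}")).collect();
        println!("{}", hex.join(" "));
    }
    // In derive_dh_secret these bytes would now be fed to SHA-256 (sha2 crate, not used here).
    let (p, q) = decode_p256_private_key_info(&der).unwrap();
    assert_eq!(p, private_scalar);
    assert_eq!(q[..], public_point[..]);
}
```

Pinning the template this way is what decouples the derived secret from library output: the byte sequence that gets hashed is fully determined here, so a future pkcs8 release that, say, starts emitting the optional [0] parameters field inside ECPrivateKey cannot alter the SHA-256 input. The strict decoder is the natural counterpart for a regression test: handing it the library's DER for the same key confirms the two encodings are byte-identical rather than merely parsing to the same key.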

@kvinwang kvinwang force-pushed the issue-553-stable-der branch from e1faaf4 to 38a20df on March 26, 2026 13:38


Development

Successfully merging this pull request may close these issues.

derive_dh_secret hashes PKCS#8 DER — fragile to library upgrades

1 participant