If you attempt to use Azure Managed HSM as the backing keystore for the azurekeyvault keymanager plugin, you will see an unsupported key spec error in the SPIRE server log when the plugin loads and attempts to fetch the keys using the keyvault API.
The problem is that Azure Managed HSM uses a non-standard key type (kty) name for keys stored in HSMs. For example, if the key is an RSA key stored in an HSM, the kty will be RSA-HSM. This non-standard name will break parsing in go-jose.
The fix is to allow the "-HSM" kty values that are being returned and normalize the values so that go-jose can parse them correctly.
I will submit a PR that addresses this.
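A sketch of the normalization described above, as an added example that is not the SPIRE plugin's code or the proposed PR. The helper names `normalizeJWK` and `ktyOf`, the allow-list (which assumes `EC-HSM` is handled alongside the `RSA-HSM` case named in the issue), and the sample key are all constructed for illustration. It uses an explicit allow-list instead of stripping any `-HSM` suffix, so an unexpected key type still fails closed before the document reaches a JWK parser.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Allow-list of Managed HSM kty values and their standard JWK names.
// Assumption: only asymmetric key types are relevant; anything else is rejected.
var hsmKty = map[string]string{"RSA-HSM": "RSA", "EC-HSM": "EC"}

// normalizeJWK (hypothetical helper) rewrites only the "kty" member of a JWK
// JSON document so that a standard JWK parser will accept it.
func normalizeJWK(raw []byte) ([]byte, error) {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(raw, &fields); err != nil {
		return nil, fmt.Errorf("decode JWK: %w", err)
	}
	var kty string
	if err := json.Unmarshal(fields["kty"], &kty); err != nil {
		return nil, fmt.Errorf("decode kty: %w", err) // missing or non-string kty
	}
	if kty == "RSA" || kty == "EC" {
		return raw, nil // already a standard name, pass through untouched
	}
	std, ok := hsmKty[kty]
	if !ok {
		return nil, fmt.Errorf("unsupported key type %q", kty)
	}
	fields["kty"], _ = json.Marshal(std) // marshaling a string cannot fail
	return json.Marshal(fields)
}

// ktyOf (hypothetical helper) returns the kty of a JWK document.
func ktyOf(raw []byte) (string, error) {
	var k struct{ Kty string }
	err := json.Unmarshal(raw, &k)
	return k.Kty, err
}

func main() {
	// Constructed sample, shaped like a key returned for an HSM-backed RSA key.
	sample := []byte(`{"kid":"https://example.invalid/keys/k1","kty":"RSA-HSM","n":"AQAB","e":"AQAB"}`)
	out, err := normalizeJWK(sample)
	fmt.Println(string(out), err)
}
```

The normalized bytes are what would then be handed to the JWK parser; the key material members (`n`, `e`, `x`, `y`) are carried over as received.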