If cards/libraries don't support signature mechanisms with hashing, we fall back to do it ourselves in software and pass the PKCS#1 digestInfo ASN.1 structure to sign via CKM_RSA_PKCS mechanism. Closes strongswan/strongswan#168.