OpenSSL seems to serialize bigints as signed value, which means the ECC
key may end up being 33 bytes instead of the 32 bytes we're expecting,
causing build to fail.
The shell script extraction is now replaced by a build.rs script that
uses OpenSSL to extract the content and do sanity checks.
Forcing generating cryptographic materials now always generate a key and
a certificate (useful to compile/flash multiple keys without them being
considered as clones). The self-signed CA is left untouched.