
fix(integrationv2): Skip unsupported client auth tests #5096

Merged: 2 commits merged into aws:main from fix-client-auth-integ on Feb 10, 2025

Conversation

goatgoose (Contributor) commented Feb 6, 2025

Description of changes:

The client auth integration test is not currently running on PRs, and it fails when I run it. This PR fixes this test and adds it to the integrationv2 buildspec so it will run on PRs.

I think this test would have started failing after #4949, which started allowing RSA PSS certificates to be used with TLS 1.2 in the integration tests. I think this change broke the client auth test because there's currently no logic to prevent an RSA PSS cert from being tested in a scenario in which one peer supports RSA PSS signing and the other doesn't.

This worked before when RSA PSS certificates were only tested in TLS 1.3 since TLS 1.3 tests are skipped if either provider doesn't support TLS 1.3:

    for provider_ in providers:
        if not provider_.supports_protocol(protocol):
            return True

This PR updates the test skipping logic to skip testing RSA PSS certificates if either of the two providers doesn't support RSA PSS signing.

Test failure investigation

The test fails with the following error:

    Stderr: Failed to negotiate: 'Server requires client certificate'. Error encountered in /codebuild/output/src2447279014/src/git-codecommit.us-west-2.amazonaws.com/v1/repos/s2n_replica/third-party-src/tls/s2n_handshake_io.c:1108

I think this error is caused by an s2n-tls server that doesn't support RSA PSS signing, and an OpenSSL 1.1.1 client that does support RSA PSS signing. The test certs are being correctly filtered for the server, so s2n-tls is given a normal RSA cert. But the client certificate isn't filtered, so OpenSSL 1.1.1 is given an RSA PSS certificate. I think since OpenSSL 1.1.1 supports RSA PSS certificates, the failure isn't observed until later when OpenSSL doesn't send any client certificate to s2n-tls, likely because s2n-tls isn't negotiating RSA PSS as the signature algorithm.

Call-outs:

It seemed weird that the logic for skipping certificates is in supports_protocol(), so I moved this to a separate supports_certificate() function.

Testing:

The client auth test was re-added to the integrationv2 buildspec for PRs, and should now succeed in this PR. I confirmed that it's now running:

    Start 276: integrationv2_client_authentication

I double checked that we're still testing RSA PSS certificates when s2n-tls is linked to a libcrypto that supports RSA PSS signing. Examples from the aws-lc log:

    276: [gw1] [  0%] PASSED test_client_authentication.py::test_client_auth_with_s2n_server[RSA_4096_SHA512-RSA_PSS_2048_SHA256-DHE-RSA-AES256-GCM-SHA384-TLS1.2-S2N-OpenSSL]
    276: [gw1] [  1%] PASSED test_client_authentication.py::test_client_auth_with_s2n_server[RSA_4096_SHA512-RSA_PSS_2048_SHA256-TLS_CHACHA20_POLY1305_SHA256-TLS1.3-S2N-OpenSSL]
    276: [gw1] [ 28%] PASSED test_client_authentication.py::test_client_auth_with_s2n_server[RSA_PSS_2048_SHA256-RSA_1024_SHA256-DHE-RSA-AES128-SHA-TLS1.2-S2N-OpenSSL]
    276: [gw1] [ 29%] PASSED test_client_authentication.py::test_client_auth_with_s2n_server[RSA_PSS_2048_SHA256-RSA_1024_SHA256-TLS_AES_128_GCM_SHA256-TLS1.3-S2N-OpenSSL]

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
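As an added illustration of the skip logic the description lays out (this is not code from the s2n-tls repository or from the PR itself), the following Python models the pre-fix and post-fix behaviour side by side. The `Cert` and `Provider` stand-ins, the shape of `supports_certificate()`, the `skip_before`/`skip_after` functions and the certificate matrix are constructed assumptions; only the certificate names are borrowed from the test ids in the log above. Running `plan()` with the pre-fix function shows the "RSA server, RSA PSS client, TLS 1.2" case being handed to an s2n-tls server whose libcrypto cannot sign with RSA PSS, which is the combination the error above came from; the post-fix function skips it, and skips nothing extra once s2n-tls is linked to a PSS-capable libcrypto.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


# Constructed stand-ins for the integrationv2 certificate and provider objects
# (the real classes differ; these model only what the skip logic needs).
@dataclass(frozen=True)
class Cert:
    name: str
    sig_alg: str  # "RSA", "RSA_PSS" or "ECDSA"


@dataclass(frozen=True)
class Provider:
    name: str
    protocols: FrozenSet[str]  # protocol versions the provider can negotiate
    rsa_pss_signing: bool      # whether its libcrypto can produce RSA-PSS signatures

    def supports_protocol(self, protocol: str) -> bool:
        return protocol in self.protocols

    def supports_certificate(self, cert: Cert) -> bool:
        # Assumed shape of the certificate check the PR splits out of
        # supports_protocol(): an RSA-PSS certificate is only usable when this
        # provider can sign with RSA-PSS; every other certificate type passes.
        if cert.sig_alg == "RSA_PSS":
            return self.rsa_pss_signing
        return True


SkipFn = Callable[[str, List[Provider], Cert, Optional[Cert]], bool]


def skip_before(protocol: str, providers: List[Provider],
                server_cert: Cert, client_cert: Optional[Cert]) -> bool:
    """Pre-fix behaviour: gate on the protocol and the server cert only."""
    if any(not p.supports_protocol(protocol) for p in providers):
        return True
    # The client certificate is never consulted, so an RSA-PSS client cert is
    # handed to a peer that cannot negotiate an RSA-PSS signature scheme.
    return any(not p.supports_certificate(server_cert) for p in providers)


def skip_after(protocol: str, providers: List[Provider],
               server_cert: Cert, client_cert: Optional[Cert]) -> bool:
    """Post-fix behaviour: skip if either peer cannot use either certificate."""
    if any(not p.supports_protocol(protocol) for p in providers):
        return True
    for cert in (server_cert, client_cert):
        if cert is None:  # no client auth in this case
            continue
        if any(not p.supports_certificate(cert) for p in providers):
            return True
    return False


# Constructed certificate set, named after the ids in the PR's test log.
CERTS = [
    Cert("RSA_4096_SHA512", "RSA"),
    Cert("RSA_1024_SHA256", "RSA"),
    Cert("RSA_PSS_2048_SHA256", "RSA_PSS"),
]
PROTOCOLS = ["TLS1.2", "TLS1.3"]


def plan(skip_fn: SkipFn, s2n_rsa_pss: bool,
         client_protocols: FrozenSet[str] = frozenset(PROTOCOLS),
         ) -> Dict[Tuple[str, str, str], bool]:
    """Map (server_cert, client_cert, protocol) -> skipped? for an s2n-tls
    server paired with an OpenSSL client, under the given skip function.
    s2n_rsa_pss models which libcrypto s2n-tls is linked against."""
    s2n = Provider("S2N", frozenset(PROTOCOLS), rsa_pss_signing=s2n_rsa_pss)
    openssl = Provider("OpenSSL", client_protocols, rsa_pss_signing=True)
    providers = [s2n, openssl]
    return {
        (s.name, c.name, proto): skip_fn(proto, providers, s, c)
        for s in CERTS
        for c in CERTS
        for proto in PROTOCOLS
    }


if __name__ == "__main__":
    total = len(CERTS) ** 2 * len(PROTOCOLS)
    for label, fn in (("before", skip_before), ("after", skip_after)):
        skipped = sorted(k for k, v in plan(fn, s2n_rsa_pss=False).items() if v)
        print(f"{label}: {len(skipped)} of {total} cases skipped")
        for key in skipped:
            print("  skip", "-".join(key))
```

With `s2n_rsa_pss=False` the pre-fix function skips only the 6 cases where the server certificate is RSA PSS, while the post-fix function also skips the 4 remaining cases where only the client certificate is RSA PSS; with `s2n_rsa_pss=True` neither function skips anything, matching the aws-lc log above where both orderings pass.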

@github-actions github-actions bot added the s2n-core team label Feb 6, 2025
@goatgoose goatgoose force-pushed the fix-client-auth-integ branch 2 times, most recently from 76f2371 to 6eabe5a Compare February 6, 2025 23:03
@goatgoose goatgoose force-pushed the fix-client-auth-integ branch from 6eabe5a to 71181c3 Compare February 6, 2025 23:39
@goatgoose goatgoose force-pushed the fix-client-auth-integ branch from 71181c3 to 324f6b4 Compare February 7, 2025 00:47
Comment on lines -108 to -111
if protocol is not None:
for provider_ in providers:
if provider_.supports_protocol(protocol, with_cert=certificate) is False:
return True
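Review bot: dropping this loop removes the only place the certificate was passed per provider (`with_cert=certificate`), and the description attributes the failure to the client certificate never being filtered, so the replacement supports_certificate() check needs to run against both providers for both the server and the client certificate, not only the server one; otherwise the OpenSSL-client-with-RSA-PSS-cert case this PR targets would still reach the handshake.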

supports_protocol() is already called on each provider above, on line 85. So now that the certificate check is separate, this duplicate call to supports_protocol() is no longer needed.

@goatgoose goatgoose marked this pull request as ready for review February 7, 2025 02:02
@goatgoose goatgoose requested a review from dougch as a code owner February 7, 2025 02:02
@goatgoose goatgoose requested a review from jmayclin February 7, 2025 02:03
Co-authored-by: James Mayclin <[email protected]>
@goatgoose goatgoose added this pull request to the merge queue Feb 10, 2025
Merged via the queue into aws:main with commit 203cc5c Feb 10, 2025
45 checks passed
@goatgoose goatgoose deleted the fix-client-auth-integ branch February 10, 2025 20:06
johubertj pushed a commit to johubertj/s2n-tls that referenced this pull request Feb 13, 2025