o don't use the key index to identify when the driver has been
asked to allocate a key slot, use an explicit flag; allows
drivers to force s/w fallback for entries in the global table
o change callback api to allocate driver resources for a crypto key:
- de-const the key parameter so drivers can muck with the flags
- on callback failure don't automatically try to setup s/w crypto;
instead the driver must now mark the key entry for s/w crypto and
the caller will re-attach the cipher module
NB: api change permits drivers more control over fallback to s/w
crypto (e.g. based on a limited number of h/w key slots)
e6e547d57b