Rework RSA privkey handling

Giving the certificate as input to `tls13crypto::sign` is a workaround to allow `libcrux` the reconstruction of a signing key from the private exponent bytes in `sk` and the public key in the certificate. Ideally we should be able to provide a complete RSA private key in `sk` instead.