fix(ext/node): support encrypted PEM export and deprecated hash option in crypto keygen

[bartlomieju]

Summary

• Fix generateKeyPair for rsa-pss to fall back to deprecated hash option when hashAlgorithm is not provided, matching Node.js behavior
• Implement encrypted PEM private key export with legacy OpenSSL format (Proc-Type/DEK-Info headers) using EVP_BytesToKey key derivation
• Support AES-128-CBC, AES-192-CBC, AES-256-CBC, and DES-EDE3-CBC ciphers for PEM encryption
• Wire up cipher/passphrase options from KeyObject.export() through to the Rust op
• Add node_compat test entries for test-crypto-keygen-deprecation, test-crypto-keygen-bit-length (ignored: Rust dsa crate limitation), and test-crypto-keygen-async-rsa (ignored: legacy PEM decryption not yet supported)

Test plan

• test-crypto-keygen-deprecation.js passes (was failing due to missing hash → hashAlgorithm fallback)
• test-crypto-keygen-bit-length.js ignored with reason (dsa crate only supports fixed key sizes)
• test-crypto-keygen-async-rsa.js ignored with reason (legacy PEM decryption not yet implemented)
• Encrypted PEM output matches expected format (Proc-Type/DEK-Info headers, correct base64 line wrapping)

🤖 Generated with Claude Code

[littledivy]

The PEM export path introduces a high-severity security/compatibility bug: if callers provide only one of cipher or passphrase, the code silently falls back to exporting an unencrypted private key. This can leak key material unexpectedly and does not match expected option validation behavior. The export API must reject partial encryption configuration rather than downgrading to plaintext output.

[littledivy]

[high] PEM encryption is applied only when both cipher and passphrase are Some; if only one is provided, the function silently exports an unencrypted key. This is a dangerous implicit downgrade and behavior mismatch. Add explicit validation: if exactly one of cipher/passphrase is set, return an error (TypeError/validation error) instead of exporting plaintext.