Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()

Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

tests/suites/test_suite_ssl.function

@@ -1374,7 +1374,9 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
                              md1, maclen,
                              &t_out->psa_mac_enc ) == PSA_SUCCESS );
 
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+        /* mbedtls_ct_hmac() requires the key to be exportable */
+        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+                                              PSA_KEY_USAGE_VERIFY_HASH );
 
         CHK( psa_import_key( &attributes,
                              md1, maclen,