[PM-32438] Implement cose encoding for RSA keys

[quexten]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-32438

📔 Objective

Implements support for encoding RSA keys as COSE. We already support encoding symmetric, AEAD, keys as COSE, and signing / verifying keys as COSE. This PR adds support for private keys.

The intention is that the "Key-protected-key-envelope" safe primitive only allows COSE encodings of private, signing keys.

Note: Key-id's are usually randomly generated in COSE. However, we still allow DER/PEM encodings, at least for RSA. While these will be deprecated for encryption, we still interoperate with them so there has to be a way to represent RSA keys. Instead of giving these no key-id, instead we derive a key-id deterministically from the public-key-components of the RSA key. That gives us the benefit of the key-id, and it's application stability use-cases / traceability use-cases without any interoperability issues.

🚨 Breaking Changes

[github-actions]

Checkmarx One – Scan Summary & Details – ae35a98d-49aa-4089-a848-e358fba66eb7

Great job! No new security vulnerabilities introduced in this pull request

[github-actions]

🔍 SDK Breaking Change Detection Results

SDK Version: km/cose-rsa (3305461)
Completed: 2026-02-16 11:12:37 UTC
Total Time: 218s

Client	Status	Details
typescript	✅ No breaking changes detected	TypeScript compilation passed with new SDK version - View Details

---

Breaking change detection completed. View SDK workflow

[sonarqubecloud]

Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[codecov]

Codecov Report

❌ Patch coverage is 95.67568% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.32%. Comparing base (5072549) to head (3305461).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...bitwarden-crypto/src/keys/public_key_encryption.rs	95.67%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #769      +/-   ##
==========================================
+ Coverage   81.25%   81.32%   +0.07%     
==========================================
  Files         316      316              
  Lines       36369    36550     +181     
==========================================
+ Hits        29553    29726     +173     
- Misses       6816     6824       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.