oak_crypto depends on oak_dice

[tiziano88]

          that's a good point, I agree oak_crypto should not depend on oak_dice at all, but it looks like it does already:

oak/oak_crypto/src/encryptor.rs

Lines 48 to 80 in ebb0aab

	impl TryFrom<&oak_dice::evidence::RestrictedKernelDiceData> for EncryptionKeyProvider {
	type Error = anyhow::Error;
	fn try_from(
	dice_data: &oak_dice::evidence::RestrictedKernelDiceData,
	) -> Result<Self, Self::Error> {
	let claims = dice_data
	.evidence
	.application_keys
	.claims()
	.map_err(|err| {
	anyhow::anyhow!("couldn't parse encryption public key certificate: {err}")
	})?;
	let private_key = PrivateKey::from_bytes(
	&dice_data.application_private_keys.encryption_private_key
	[..oak_dice::evidence::X25519_PRIVATE_KEY_SIZE],
	)
	.map_err(|error| anyhow::anyhow!("couldn't deserialize private key: {}", error))?;
	let public_key = {
	let cose_key =
	oak_dice::cert::get_public_key_from_claims_set(&claims).map_err(|err| {
	anyhow::anyhow!("couldn't get public key from certificate: {err}")
	})?;
	oak_dice::cert::cose_key_to_hpke_public_key(&cose_key)
	.map_err(|err| anyhow::anyhow!("couldn't extract public key: {err}"))?
	};
	let encryption_key_provider = EncryptionKeyProvider::new(
	private_key,
	PublicKey::from_bytes(&public_key)
	.map_err(|err| anyhow::anyhow!("couldn't decode public key: {err}"))?,
	);
	Ok(encryption_key_provider)
	}
	}

Maybe that impl should be moved to oak_dice?

Originally posted by @tiziano88 in #4683 (comment)

[tiziano88]

Not super urgent, but the dependency here is backwards -- oak_crypto should know nothing about DICE. In fact, we may want to use it on Intel TDX (for which we may not rely on DICE at all).