Allow subscriber public keys on NIST curve P-521

[aarongable]

Fixes #218

[pgporada]

Related to letsencrypt/boulder#7541 (comment) and letsencrypt/boulder#7543

[hablutzel1]

I haven't got into the details, but https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#51-algorithms isn't going to be a problem?

The following curves are not prohibited, but are not currently supported: P-521, Curve25519, and Curve448.

[aarongable]

I haven't got into the details, but https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#51-algorithms isn't going to be a problem?

Correct, that's not a problem. As that says, P-521 is not prohibited, so it's not a policy issue for us to allow it, just an interoperability issue. And as the linked issue says, the purpose of this change is just to ensure that we are not limiting ourselves in ways that are not required.

[hablutzel1]

But won't this cause interoperability problems for the LE subscribers unknowingly using P-521 keys?

[aarongable]

This is a policy document only; changes to actual code are separate. Changing this policy allows us to make those code changes, but does not require us to do so.

[aarongable]

Superseded by #228