Possibly, lower public part of key-bundle logic from hsclient to hscrypto?

In tor_hsclient::keys, there is some code for managing secret keys from a client. While we decide whether to remove or disable intro_auth support there (#1037 (closed)), we should also decide if it makes sense to lower this code into tor-hscrypto, since a lot of it will be shared with tor-hsservice.

In particular, we want the public part of a key-bundle to be serialized and deserialized in either the format expected by C tor, or in the format expected by arti (discussed in #1028). Since clients will want to be able to generate and export their public keys, and services will want to be able to read them, it probably makes sense for the data structure itself to be shared.

cc @gabi-250