respond to YSA-2024-03 (YubiKey < 5.7 side-channel attack on ECC private keys)
YubiKey published security advisory YSA-2024-03 in response to a research paper branded Eucleak. Research shows that Infineon's cryptographic library used in YubiKeys (and many other embedded cryptographic chips, including US passports and other devices) is vulnerable to a side-channel attack that allows an attacker with physical access to the key to perform secret key extraction.
It seems like this affects all apps on the YubiKey, including HSM, PIV, FIDO2 and OpenPGP.
Scope how this affects us and how we should respond.
/cc @tpo/tpa @shelikhoo