fix: release PIV connection during PIN prompts - avoid "the smart card has been reset" error

[Joerger]

Changelog: Fix an issue with Hardware Key Support on Windows where a command would fail if the PIN prompt was not answered within 5 seconds.

Changes:

• Instead of having piv-go check if PIN is required, always try signing without PIN to determine if PIN is required. This makes it possible to prompt for PIN and verify it in a new connection, which won't have timed out.
• Refactor PIV signature method into steps. In addition to simplifying the logic considerably (e.g. decoupled PIN and touch prompts), this allows for the connection to be released/reconnected between retries. It also enables signatures to occur concurrently while still ensuring the prompts do not.
• Refactor PIV connection sharing logic to enable any PIV request to reconnect and retry after the 5 second timeout
  • Removed this change as it bloated this PR and is generally not necessary now that the YubiKey connection is released during the PIN prompt. However, it is still theoretically possible to get the "the smart card has been reset" error and this PR adds no way to reconnect and retry. This can be addressed in a follow up PR.

Please see go-piv/piv-go#172, go-piv/piv-go#173, and go-piv/piv-go#174 for more context.

Fixes #54332

re-drafted

[Joerger]

Reviewers, I took out a substantial portion of the initial changes (the retry on pcscResetCardErr logic), see the PR description for details. I'm working on removing some outdated comments about the pcscResetCardErr, but otherwise it's ready for review. Sorry if any of you were in the middle of reviewing.

[Joerger]

@tigrato friendly ping to review

[backport-bot-workflows]

@Joerger See the table below for backport results.

Branch	Result
branch/v16	Create PR
branch/v17	Create PR