Default to 4096 bit for OEM factory reset (fixes #831) #906

Merged
merged 1 commit into from
Dec 2, 2020

techge
Contributor

@techge techge commented Nov 24, 2020

Fixes #831

@tlaurion
Collaborator

tlaurion commented Dec 2, 2020

@techge @flammit
This is exactly what I'm talking about. Should we ask contributors to think about space constraints of smaller boards when they propose good changes like this one?

@flammit should I merge? This forces gpg2 module (required for 4096 key generation) usage and implies that all boards will use gpg2 module in the future.

Prior to our discussion, I would merge. Now I just can't.

@flammit your input welcome.

@techge: some context: for the time being, and considering space constraints of xx20 and xx30 and other boards needing gpg but not necessarily gpg2 which was introduced to be able to generate 4096 keys, this changeset would need to depend on GPG2 binary module presence exclusively to be mergeable with that consideration.

So a test could be added to check the version output of gpg binary, and only force 4096 bits when gpg v2+, while putting it to 2048 if not.
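
The version test suggested in the comment above, sketched as an added example that is not part of the original thread or of the Heads scripts. The function names `gpg_major_version` and `rsa_key_length` are hypothetical, and the sample `gpg --version` outputs are constructed.

```shell
#!/bin/sh
# Added example: pick the RSA key length from the gpg major version.
# Function names are hypothetical, not taken from the Heads code base.

# Print the major version found on the first line of `gpg --version`
# output, e.g. "gpg (GnuPG) 2.2.21" -> 2. Prints nothing when the line
# does not look like a gpg banner (missing binary, unexpected output).
gpg_major_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^gpg ([^)]*) \([0-9][0-9]*\)\..*$/\1/p'
}

# Print 4096 only when the banner reports major version 2 or later.
# Anything else (gpg1, empty or unparseable output) falls back to 2048,
# so a board without gpg2 is never asked for a key size it cannot make.
rsa_key_length() {
    major=$(gpg_major_version "$1")
    case "$major" in
        ''|*[!0-9]*) echo 2048 ;;
        *)
            if [ "$major" -ge 2 ]; then
                echo 4096
            else
                echo 2048
            fi
            ;;
    esac
}

# Constructed sample banners (not captured from a real board).
SAMPLE_GPG2='gpg (GnuPG) 2.2.21
libgcrypt 1.8.6'
SAMPLE_GPG1='gpg (GnuPG) 1.4.21
Home: ~/.gnupg'

echo "gpg2 banner   -> $(rsa_key_length "$SAMPLE_GPG2") bits"
echo "gpg1 banner   -> $(rsa_key_length "$SAMPLE_GPG1") bits"
echo "no gpg output -> $(rsa_key_length "") bits"

# On a live system the same check would be called as:
#   rsa_key_length "$(gpg --version 2>/dev/null)"
```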

@flammit
Collaborator

flammit commented Dec 2, 2020

I don't understand why there would be an issue merging this. Heads currently already assumes that the gpg installed is gpg2, so there's no harm in committing this.

In the future if it is possible to have either gpg1 or gpg2 be an included module on a board, then that PR that introduces gpg1 should also update the logic here so that the additions of this PR (or any other feature that requires gpg2) are only run when the gpg2 module is used.

@tlaurion
Collaborator

tlaurion commented Dec 2, 2020

All right! Merging! Happy merge day!

Successfully merging this pull request may close these issues.

Have the GPG factory reset functions propose/default to RSA 4096 bits keys, not 2048