fix(core): Let default basic keymanager work again (#2858)

### Proposed Changes

The recent change to us the ProviderConfig accidentally makes that field
required for all keys already loaded from the policy db. Since most
(all) existing keys won't have this set, and any keys imported via the
command line tool's import don't have it set, we should keep the old
behavior

### Checklist

- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions

(cherry picked from commit fb0b99d)

Author: opentdf-automation[bot]

service/trust/delegating_key_service.go

@@ -119,9 +119,6 @@ func (d *DelegatingKeyService) Decrypt(ctx context.Context, keyID KeyIdentifier,
 	}
 
 	pcfg := keyDetails.ProviderConfig()
-	if pcfg == nil {
-		return nil, fmt.Errorf("decrypt: key details for key ID '%s' returned nil ProviderConfig", keyID)
-	}
 	manager, err := d.getKeyManager(ctx, pcfg)
 	if err != nil {
 		return nil, fmt.Errorf("decrypt: unable to get key manager [%s#%s]: %w", pcfg.GetManager(), pcfg.GetName(), err)
@@ -137,9 +134,6 @@ func (d *DelegatingKeyService) DeriveKey(ctx context.Context, keyID KeyIdentifie
 	}
 
 	pcfg := keyDetails.ProviderConfig()
-	if pcfg == nil {
-		return nil, fmt.Errorf("derive: key details for key ID '%s' returned nil ProviderConfig", keyID)
-	}
 	manager, err := d.getKeyManager(ctx, pcfg)
 	if err != nil {
 		return nil, fmt.Errorf("derive: unable to get key manager [%s#%s]: %w", pcfg.GetManager(), pcfg.GetName(), err)
@@ -212,9 +206,11 @@ func (d *DelegatingKeyService) _defKM(ctx context.Context) (KeyManager, error) {
 }
 
 func (d *DelegatingKeyService) getKeyManager(ctx context.Context, cfg *policy.KeyProviderConfig) (KeyManager, error) {
-	d.mutex.Lock()
+	if cfg == nil {
+		return d._defKM(ctx)
+	}
 
-	// Check For Manager First
+	d.mutex.Lock()
 	designation := keyManagerDesignation{
 		Manager: cfg.GetManager(),
 		Name:    cfg.GetName(),
@@ -223,11 +219,7 @@ func (d *DelegatingKeyService) getKeyManager(ctx context.Context, cfg *policy.Ke
 		d.mutex.Unlock()
 		return manager.KeyManager, nil
 	}
-
-	// Check Factory
 	factory, factoryExists := d.managerFactories[designation.Manager]
-	// Read defaultMode under lock for comparison.
-	currentDefaultMode := d.defaultMode
 	allManagers := slices.Collect(maps.Keys(d.managerFactories))
 	d.mutex.Unlock()
 
@@ -258,7 +250,6 @@ func (d *DelegatingKeyService) getKeyManager(ctx context.Context, cfg *policy.Ke
 	d.l.Debug("key manager factory not found for name, attempting to use/load default",
 		slog.Any("key_managers", allManagers),
 		slog.Any("requested_name", designation),
-		slog.Any("configured_default_mode", currentDefaultMode),
 	)
 	return d._defKM(ctx) // _defKM handles erroring if the default manager itself cannot be loaded.
 }