Create keys with pkcs11-tool --id
The keyfromlabel system ECDSA tests sometimes fail. When this happens, the ZSK and KSK key id values differ by 1, which indicates that the same key is used for both DNSKEY records. When the private key is retrieved with 'ENGINE_load_private_key()', the public key is already set, but sometimes that key differs from the key retrieved with 'ENGINE_load_public_key()'. libp11 uses the id to find the key, and without IDs all keys are "equal", so it returns the first key in the array of enumerated keys instead of the matching key. In our test we didn't use '--id', just '--label'. With this change, the system test should no longer fail intermittently. Note this is only an issue for ECDSA keys, not RSA keys.
@@ -22,7 +22,9 @@ keygen() {
zone="$3"
id="$4"
pkcs11-tool --module $SOFTHSM2_MODULE -l -k --key-type $type:$bits --label "${id}-${zone}" --pin $(cat $PWD/pin) > pkcs11-tool.out.$zone.$id || return 1
label="${id}-${zone}"
p11id=$(echo "${label}" | sha1sum - | awk '{print $1}')
pkcs11-tool --module $SOFTHSM2_MODULE -l -k --key-type $type:$bits --label "${label}" --id "${p11id//$'\n'/}" --pin $(cat $PWD/pin) > pkcs11-tool.out.$zone.$id || return 1
}
keyfromlabel() {
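Review bot: The `${p11id//$'\n'/}` substitution on the new pkcs11-tool line is dead code: `$(...)` already strips trailing newlines and awk's `print` emits none, so `--id "${p11id}"` is equivalent and clearer. The derivation line also hashes the label plus the newline that `echo` appends; that is deterministic and harmless, but `p11id=$(printf '%s' "${label}" | sha1sum | awk '{print $1}')` states the intent (a stable CKA_ID derived from the label) without the stray byte. A one-line comment above it, `# CKA_ID derived from the label so libp11 can match public and private halves by id`, would record why the id is needed, since the commit message is the only place that rationale lives now. The remaining expansions on that line (`$SOFTHSM2_MODULE`, `$type:$bits`, `$(cat $PWD/pin)`) are unquoted and predate this change; `type` and `bits` are presumably set earlier in keygen, whose body starts before the hunk.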