[nrf fromlist] modules: mbedtls: do not always enable entropy on MBEDTLS_PSA_CRYPTO_C

Make `CONFIG_MBEDTLS_PSA_CRYPTO_C` look for and enable an entropy driver
only when the Mbed TLS PSA Crypto core is used. Others don't necessarily
require entropy unconditionally, it can be an optional feature.

Additionally, make the RNG source default to
`CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` also when some other PSA
Crypto core is used. This allows avoiding code bloat by default
to avoid falling back to `CONFIG_MBEDTLS_PSA_CRYPTO_LEGACY_RNG`
which would enable more features. It may seem a bit silly to have
`CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` enabled even if we don't have
actual entropy but some places assume that if it's not defined then
the legacy path is used.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Upstream PR #: 108256

Author: tomi-font

modules/mbedtls/Kconfig.tf-psa-crypto

@@ -412,7 +412,8 @@ config MBEDTLS_PKCS5_C
 choice MBEDTLS_PSA_CRYPTO_RNG_SOURCE
 	prompt "PSA crypto random source"
 	depends on MBEDTLS_PSA_CRYPTO_C
-	default MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if CSPRNG_ENABLED
+	default MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if CSPRNG_ENABLED \
+						   || !PSA_CRYPTO_PROVIDER_MBEDTLS
 	default MBEDTLS_PSA_CRYPTO_LEGACY_RNG
 
 config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
@@ -467,7 +468,7 @@ config MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG
 config MBEDTLS_PSA_CRYPTO_C
 	bool "Platform Security Architecture cryptography API"
 	depends on !BUILD_WITH_TFM
-	select CSPRNG_NEEDED
+	select CSPRNG_NEEDED if PSA_CRYPTO_PROVIDER_MBEDTLS
 
 config MBEDTLS_USE_PSA_CRYPTO
 	bool "Use PSA APIs instead of legacy MbedTLS when possible"