
py3-cryptography does not indicate dependency on openssl-provider-legacy or needs CRYPTOGRAPHY_OPENSSL_NO_LEGACY #23794

Open
smoser opened this issue Jul 11, 2024 · 0 comments

smoser commented Jul 11, 2024

A simple 'import' test of py3-cryptography will fail with a stacktrace shown below.

```
# apk list --installed py3-cryptography
py3-cryptography-42.0.8-r0 x86_64 {py3-cryptography} (Apache-2.0 OR BSD-3-Clause) [installed]
# python3 -c 'from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py", line 11, in <module>
    from cryptography.hazmat._oid import ObjectIdentifier
  File "/usr/lib/python3.12/site-packages/cryptography/hazmat/_oid.py", line 7, in <module>
    from cryptography.hazmat.bindings._rust import (

RuntimeError: OpenSSL 3.0's legacy provider failed to load.
This is a fatal error by default, but cryptography supports running without
legacy algorithms by setting the environment variable
CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have
likely made a mistake with your OpenSSL configuration.
```

In discussions, @xnox says:

> ok, bad. imho we shouldn't require legacy cryptography out of the box or use it by default.
>
> and i hate need for environment variable to be secure, i'd rather that be automatic (try, but don't fail, upon missing legacy provider). Or we need to add py3-cryptography dependency on openssl-provider-legacy. Or we need to build it differently / patch it / contact upstream.
>
> i think for now, we should add runtime dep on openssl-provider-legacy as otherwise this is like a hidden pitfall / trap for now.
>
> https://cryptography.io/en/latest/openssl/#legacy-provider-in-openssl-3-x is the gist of it..... sort of hate that it is opt-out, not an opt-in
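The failure above happens while cryptography's Rust bindings initialise, so it can only be detected from outside the interpreter that imports the module. The following is an added example (it is not part of this issue, the py3-cryptography package, or the cryptography project) of a packaging check that runs the same import in a child process twice, once with the environment untouched and once with `CRYPTOGRAPHY_OPENSSL_NO_LEGACY` set, and turns the two results into a verdict: works by default, needs the legacy provider package or the environment variable, or broken for another reason. It assumes `cryptography` is installed in the interpreter being probed, and it sets the variable to `1` (the traceback only says the variable must be "set"; the value is an assumption). The `classify` helper matches the literal error text quoted in this issue.

```python
"""Probe a Python interpreter for the OpenSSL 3 legacy-provider import failure.

Added example, not code from the issue or from the cryptography project.
"""
import os
import subprocess
import sys

# Marker text copied from the traceback in the issue; cryptography emits it
# when the OpenSSL 3 legacy provider cannot be loaded during binding setup.
LEGACY_MARKER = "OpenSSL 3.0's legacy provider failed to load."
ENV_VAR = "CRYPTOGRAPHY_OPENSSL_NO_LEGACY"
# Same import the issue uses; any import that initialises the bindings works.
PROBE_CODE = "from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve"


def classify(returncode, stderr):
    """Map one probe run to 'ok', 'legacy-provider-missing' or 'other-error'.

    The probe has to run in a child process: the RuntimeError is raised while
    the bindings initialise, so a failed import cannot simply be retried in
    the same interpreter after setting the variable.
    """
    if returncode == 0:
        return "ok"
    if LEGACY_MARKER in stderr:
        return "legacy-provider-missing"
    return "other-error"


def run_probe(no_legacy=False, python=sys.executable):
    """Run the import in a fresh interpreter, with or without ENV_VAR set."""
    env = {k: v for k, v in os.environ.items() if k != ENV_VAR}
    if no_legacy:
        env[ENV_VAR] = "1"  # assumed value; the docs only require it to be set
    proc = subprocess.run([python, "-c", PROBE_CODE], env=env,
                          capture_output=True, text=True)
    return classify(proc.returncode, proc.stderr)


def verdict(default_status, no_legacy_status):
    """Combine the two probe results into a packaging verdict."""
    if default_status == "ok":
        return "works-by-default"
    if default_status == "legacy-provider-missing" and no_legacy_status == "ok":
        return "needs-legacy-provider-or-env-var"
    return "broken"


def audit(python=sys.executable):
    """Full check: probe without and with the variable, then decide."""
    return verdict(run_probe(False, python), run_probe(True, python))


if __name__ == "__main__":
    # Exit non-zero unless the package imports with no special environment,
    # which is the property the issue asks the package to guarantee.
    result = audit()
    print(result)
    sys.exit(0 if result == "works-by-default" else 1)
```

Run it inside the image under test (`python3 probe_legacy.py`); a `needs-legacy-provider-or-env-var` result is the situation described in this issue, where adding a runtime dependency on openssl-provider-legacy or exporting the variable before the interpreter starts are the two fixes available to the packager.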
