Fix cryptography PKCS7_sign _x509 error with PKCS7SignatureBuilder

[reingart]

Bump cryptography from 3.4.7 to 39.0.1, see dependabot ticket reingart#103
But, there are failures in the unit tests:

AttributeError: 'builtins.Certificate' object has no attribute '_x509'

The problem seems to be in wsaa.py line 144:

p7 = _lib.PKCS7_sign(cert._x509, private_key._evp_pkey, _ffi.NULL, bio_in, 0)

The new version of cryptography seems to have changed the signature methods: documentation:

p7 = pkcs7.PKCS7SignatureBuilder().set_data(
    b"data to sign"
).add_signer(
    cert, key, hashes.SHA256()
).sign(
    serialization.Encoding.SMIME, options
)

• Ensure this fix work both for python2 and python3 workflows

[reingart]

Python 2.7 is deprecated, but we should maintain backward compatibility, specially with old cryptography versions

waa.sign_tra() should be split in 3 separate functions:

1. sign_tra_new() for python3 current cryptography versions >= 39
2. sign_tra_old() for legacy python2 and python3 with cryptography versions < 39
3. sign_tra_openssl() for the workaround using openssl binary directly via command-line interface

The sign_tra original function should call the 3 versions in order (new, old, openssl), so it will work in any scenario.

Comments and documentation should be improved to reflect this changes, including proper Unit Tests