Remove Tag::PURPOSE before passing KeyParameters to km_dev.begin()

Some keymint/keymaster devices return an error if Tag::PURPOSE is
present in the key parameters passed to the keymint/keymaster device's
begin() method. So we remove that Tag from the KeyParameters. The
Tag::PURPOSE is communicated to begin() as a separate argument anyway,
so the begin() method still has all the information it needs.

Bug: 184861759
Test: Cuttlefish and Bramble boot
Change-Id: Ifb08565ea29b9d148879533164266ccd113618c9
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 1cf770f..f574467 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -278,6 +278,12 @@
             },
         )?;
 
+        // Remove Tag::PURPOSE from the operation_parameters, since some keymaster devices return
+        // an error on begin() if Tag::PURPOSE is in the operation_parameters.
+        let op_params: Vec<KeyParameter> =
+            operation_parameters.iter().filter(|p| p.tag != Tag::PURPOSE).cloned().collect();
+        let operation_parameters = op_params.as_slice();
+
         let (immediate_hat, mut auth_info) = ENFORCEMENTS
             .authorize_create(
                 purpose,