Description
FindObject returns a list of objects, see https://github.com/google/native-pkcs11/blob/main/native-pkcs11-traits/src/lib.rs#L191. This is done in 2 stages: first, the backend is called to populate the object_store, then a filter is applied to the object store to return the requested objects.
However, the Backend trait only returns a single object from the find_(private|public)_key() methods.
https://github.com/google/native-pkcs11/blob/main/native-pkcs11-traits/src/lib.rs#L191
```rust
pub trait Backend: Send + Sync {
    fn name(&self) -> String;
    fn find_all_certificates(&self) -> Result<Vec<Box<dyn Certificate>>>;
    // Single-key lookups: at most one object is returned per query.
    fn find_private_key(&self, query: KeySearchOptions) -> Result<Option<Arc<dyn PrivateKey>>>;
    fn find_public_key(&self, query: KeySearchOptions) -> Result<Option<Box<dyn PublicKey>>>;
    // Enumeration: every key known to the backend is returned.
    fn find_all_private_keys(&self) -> Result<Vec<Arc<dyn PrivateKey>>>;
    fn find_all_public_keys(&self) -> Result<Vec<Arc<dyn PublicKey>>>;
    // ... (excerpt ends here)
}
```
This means that a find for a public or private key will only return a single object.
However, to make this more confusing, if a caller has already requested all keys (via find_all_private_keys() or find_all_public_keys()), then multiple keys may be returned, as these methods populate the object_store with all objects.
A suggested fix is to change the find_private_key() and find_public_key() methods to return a Vec<>, as per the find_all_*() methods.
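
The behaviour described in this issue, reproduced as an added example that is not code from native-pkcs11: a simplified model in which the same search returns one key or two depending on whether the store was populated earlier. `Key`, `MockBackend`, `ObjectStore` and all method names are hypothetical stand-ins, and the sample keys are constructed.

```rust
// Simplified model of the two-stage lookup. Every type and method here is a
// hypothetical stand-in, not native-pkcs11's real Backend or object store.
#[derive(Clone, Debug, PartialEq)]
pub struct Key { pub label: &'static str, pub id: u32 }
pub struct MockBackend { pub keys: Vec<Key> }
impl MockBackend {
    // Same shape as find_private_key(): at most one match comes back.
    pub fn find_one(&self, label: &str) -> Option<Key> {
        self.keys.iter().find(|k| k.label == label).cloned()
    }
    // Same shape as find_all_private_keys(): every key.
    pub fn find_all(&self) -> Vec<Key> { self.keys.clone() }
    // Shape of the suggested fix: every key matching the query.
    pub fn find_matching(&self, label: &str) -> Vec<Key> {
        self.keys.iter().filter(|k| k.label == label).cloned().collect()
    }
}

#[derive(Default)]
pub struct ObjectStore { objects: Vec<Key> }
impl ObjectStore {
    fn add(&mut self, keys: impl IntoIterator<Item = Key>) {
        for k in keys { if !self.objects.contains(&k) { self.objects.push(k); } }
    }
    fn filter(&self, label: &str) -> Vec<Key> {
        self.objects.iter().filter(|k| k.label == label).cloned().collect()
    }
    // Stage 1 uses the Option-returning lookup; stage 2 filters the store.
    pub fn find_objects(&mut self, b: &MockBackend, label: &str) -> Vec<Key> {
        self.add(b.find_one(label));
        self.filter(label)
    }
    // An enumerate-everything call fills the store as a side effect.
    pub fn find_all_objects(&mut self, b: &MockBackend) { self.add(b.find_all()); }
    // Stage 1 with the Vec-returning lookup from the suggested fix.
    pub fn find_objects_fixed(&mut self, b: &MockBackend, label: &str) -> Vec<Key> {
        self.add(b.find_matching(label));
        self.filter(label)
    }
}
// Constructed sample data: two keys share the label "signing".
pub fn sample_backend() -> MockBackend {
    let k = |label: &'static str, id: u32| Key { label, id };
    MockBackend { keys: vec![k("signing", 1), k("signing", 2), k("tls", 3)] }
}
fn main() {
    let b = sample_backend();
    println!("{:?}", ObjectStore::default().find_objects(&b, "signing"));
}
```

A caller that selects a key by attribute, for example to sign with it, gets a result that depends on call history; a regression test for the fix would assert that a fresh store and a pre-populated store return the same set.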