Fix COSE type of key-agreement keys.

The key-agreement keys in the PIN protocol use COSE type -25. I'm not
sure if that's written down anywhere, but it's what everything else does
and it's an ECDH type rather than an ECDSA type.

fido2/cose_key.h

@@ -16,7 +16,7 @@
 #define COSE_KEY_KTY_EC2        2
 #define COSE_KEY_CRV_P256       1
 
-
 #define COSE_ALG_ES256            -7
+#define COSE_ALG_ECDH_ES_HKDF_256 -25
 
 #endif

fido2/ctap.c

@@ -1476,7 +1476,7 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
 
             ret = cbor_encode_int(&map, RESP_keyAgreement);
             check_ret(ret);
-            ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ES256);
+            ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ECDH_ES_HKDF_256);
             check_retr(ret);
 
             break;