
Unify error codes for generic conditions #10247

@gilles-peskine-arm

Description


Historically, PolarSSL and later Mbed TLS modules had separate sets of error codes. For example, each module that allocates heap memory has its own MBEDTLS_ERR_xxx_ALLOC_FAILED error code.

The goal of this task is to unify error codes in Mbed TLS that aren't specific to a single module. Keep the identifier internally, but don't document it or export it.

For example, replace

#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED ...

in a public header with

#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY

in a private header. In any public documentation that mentions MBEDTLS_ERR_PKCS7_ALLOC_FAILED explicitly, replace it with PSA_ERROR_INSUFFICIENT_MEMORY.

(Alternatively, if hiding the definition of the error code is hard for some reason, we can keep the old error macro name as a public alias. It's a bit confusing for users, but not a showstopper.)

This is an API break because code like

switch (ret) {
    case MBEDTLS_ERR_FOO:
    case MBEDTLS_ERR_BAR:
        ...
}

will stop compiling if MBEDTLS_ERR_BAR changes to have the same value as MBEDTLS_ERR_FOO.

This can be done in several steps, a few error conditions at a time. (I don't recommend doing it module by module, because we should try to be consistent about error conditions, e.g. we should avoid having X.509 with its own ALLOC_FAILED value but TLS using the PSA one.)
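The API break described above, shown as an added example that is not code from the issue or from Mbed TLS: the macro values are constructed stand-ins (PSA_ERROR_INSUFFICIENT_MEMORY is given the PSA spec value -141 without the library's cast, and MBEDTLS_ERR_X509_ALLOC_FAILED is a hypothetical second unified alias). Once two error macros expand to the same value, listing both as case labels is a compile error, so migrating code either guards the second label with the preprocessor or compares values with if/else.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the real definitions (values chosen so the
 * example compiles on its own; not copied from Mbed TLS headers). */
#define PSA_ERROR_INSUFFICIENT_MEMORY (-141)
/* Unified private aliases, as the issue proposes. */
#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY
#define MBEDTLS_ERR_X509_ALLOC_FAILED  PSA_ERROR_INSUFFICIENT_MEMORY
/* Hypothetical module-specific code that stays distinct. */
#define MBEDTLS_ERR_PKCS7_EXAMPLE_BAD_INPUT (-0x5300)

/* Before unification, both ALLOC_FAILED codes could be separate case
 * labels. Afterwards that switch fails with "duplicate case value".
 * The #if guard keeps this function compiling against both the old
 * (distinct values) and the new (shared value) headers. */
const char *describe_error(int32_t ret)
{
    switch (ret) {
        case 0:
            return "ok";
        case MBEDTLS_ERR_PKCS7_ALLOC_FAILED:
#if MBEDTLS_ERR_X509_ALLOC_FAILED != MBEDTLS_ERR_PKCS7_ALLOC_FAILED
        case MBEDTLS_ERR_X509_ALLOC_FAILED:
#endif
            return "out of memory";
        case MBEDTLS_ERR_PKCS7_EXAMPLE_BAD_INPUT:
            return "bad input";
        default:
            return "other error";
    }
}

/* The if/else form has no duplicate-label problem whether or not the
 * macros share a value, so it is the simpler migration target. */
int is_alloc_failure(int32_t ret)
{
    return ret == MBEDTLS_ERR_PKCS7_ALLOC_FAILED
        || ret == MBEDTLS_ERR_X509_ALLOC_FAILED
        || ret == PSA_ERROR_INSUFFICIENT_MEMORY;
}
```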

Metadata

Labels: api-break (This issue/PR breaks the API and must wait for a new major version); size-s (Estimated task size: small (~2d))

Status: Implementation in progress; 1.0/4.0 SHOULDs

Milestone: No milestone

Relationships: None yet

Development: No branches or pull requests
