feat(wsse): add pure-Python WS-Security signing (no xmlsec dependency)

Add `zeep.wsse.crypto` module as a drop-in alternative to the existing
xmlsec-based `zeep.wsse.signature` module. Uses the `cryptography`
library instead of the C-based `xmlsec`, making installation
straightforward on all platforms.

New capabilities beyond the xmlsec-based module:
- No C library dependency (pure Python via `cryptography` + `lxml`)
- PKCS#12 (.p12/.pfx) key loading support
- Configurable signed parts (Body, Timestamp, UsernameToken,
  BinarySecurityToken, or any element with wsu:Id)
- Per-reference inclusive namespace prefixes for exclusive C14N
- Mixed digest/signature algorithms (e.g. SHA-256 digests + RSA-SHA1)

Classes: CryptoSignature, CryptoBinarySignature, CryptoMemorySignature,
CryptoBinaryMemorySignature, PKCS12Signature

Install with: pip install zeep[crypto]

Closes mvantellingen#1357, relates to mvantellingen#1419, mvantellingen#1428, mvantellingen#1363, mvantellingen#1318

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: martincollignon

setup.py

@@ -24,6 +24,10 @@
     "xmlsec>=0.6.1",
 ]
 
+crypto_require = [
+    "cryptography>=3.0",
+]
+
 tests_require = [
     "coverage[toml]==5.2.1",
     "freezegun==0.3.15",
@@ -43,9 +47,7 @@
 
 
 with open("README.rst") as fh:
-    long_description = re.sub(
-        "^.. start-no-pypi.*^.. end-no-pypi", "", fh.read(), flags=re.M | re.S
-    )
+    long_description = re.sub("^.. start-no-pypi.*^.. end-no-pypi", "", fh.read(), flags=re.M | re.S)
 
 setup(
     name="zeep",
@@ -66,6 +68,7 @@
         "test": tests_require,
         "async": async_require,
         "xmlsec": xmlsec_require,
+        "crypto": crypto_require,
     },
     entry_points={},
     package_dir={"": "src"},

src/zeep/wsse/__init__.py

@@ -2,10 +2,31 @@
 from .signature import BinarySignature, MemorySignature, Signature
 from .username import UsernameToken
 
+try:
+    from .crypto import (
+        CryptoBinaryMemorySignature,
+        CryptoBinarySignature,
+        CryptoMemorySignature,
+        CryptoSignature,
+        PKCS12Signature,
+    )
+except ImportError:
+    # cryptography not installed — pure-python signing unavailable
+    CryptoBinaryMemorySignature = None
+    CryptoBinarySignature = None
+    CryptoMemorySignature = None
+    CryptoSignature = None
+    PKCS12Signature = None
+
 __all__ = [
     "Compose",
     "BinarySignature",
     "MemorySignature",
     "Signature",
     "UsernameToken",
+    "CryptoBinaryMemorySignature",
+    "CryptoBinarySignature",
+    "CryptoMemorySignature",
+    "CryptoSignature",
+    "PKCS12Signature",
 ]