Add support for management key derivation from PIN like YubiKey Manager #500

Open
ecerulm opened this issue Aug 6, 2024 · 0 comments
ecerulm commented Aug 6, 2024

The PIV guide https://developers.yubico.com/PIV/Guides/Device_setup.html hints at setting up the YubiKey using a management key derived from PIN with:

ykman piv change-management-key --generate --protect

But after doing that, yubico-piv-tool will fail with "Failed authentication with the application: Authentication error." in commands like:

yubico-piv-tool -s 9a -a generate -o public.pem

The culprit is explained at #153 (comment), where they explain that the management key derived from PIN is not supported by yubico-piv-tool.

Although ykman piv xxxx (the CLI for YubiKey Manager) could be used as a replacement for yubico-piv-tool and it already supports this management key derivation from PIN, the fact is that a lot of the documentation uses yubico-piv-tool, so it would be good if yubico-piv-tool supported this.

If there is already a decision not to support this, it would at least be good if it could detect that the "management key derivation from PIN" is activated on the YubiKey and give a more concrete error message like "management key protected by PIN use ykman instead of yubico-piv-tool".

Related: #153

ecerulm changed the title from "Add support for management key derivation" to "Add support for management key derivation from PIN like YubiKey Manager" on Aug 7, 2024
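
A sketch of the detection the issue asks for, added here as an example; it is not yubico-piv-tool code and not part of the original issue. It assumes the layout YubiKey Manager uses for its admin data object (object 0x5FFF00, outer tag 0x80, flags tag 0x81 with bit 0x02 for a key stored under the PIN, salt tag 0x82 for a key derived from the PIN); the function names are hypothetical, the sample bytes are constructed, and reading the object from the card is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the issue): 80 L { 81 01 flags | 82 L salt | 83 04 time } */
enum mgm_mode { MGM_MANUAL, MGM_PIN_PROTECTED, MGM_PIN_DERIVED, MGM_MALFORMED };

/* Constructed samples: flag bit 0x02 set; a shortened 4-byte salt; a cut-off object. */
const uint8_t SAMPLE_PROTECTED[] = {0x80, 0x03, 0x81, 0x01, 0x02};
const uint8_t SAMPLE_DERIVED[] = {0x80, 0x06, 0x82, 0x04, 0xde, 0xad, 0xbe, 0xef};
const uint8_t SAMPLE_TRUNCATED[] = {0x80, 0x03, 0x81, 0x01};

/* Parse one BER-TLV header; returns its size, or 0 if it does not fit in n bytes. */
static size_t tlv_header(const uint8_t *p, size_t n, uint8_t *tag, size_t *len) {
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return 2; }
    if (p[1] == 0x81 && n >= 3) { *len = p[2]; return 3; }
    if (p[1] == 0x82 && n >= 4) { *len = ((size_t)p[2] << 8) | p[3]; return 4; }
    return 0;
}

/* Classify how the management key is handled; n == 0 means the object is absent. */
enum mgm_mode classify_admin_data(const uint8_t *buf, size_t n) {
    uint8_t tag; size_t len, hdr; int stored = 0, salted = 0;
    if (n == 0) return MGM_MANUAL;
    hdr = tlv_header(buf, n, &tag, &len);
    if (hdr == 0 || tag != 0x80 || len > n - hdr) return MGM_MALFORMED;
    for (buf += hdr, n = len; n > 0; buf += hdr + len, n -= hdr + len) {
        hdr = tlv_header(buf, n, &tag, &len);
        if (hdr == 0 || len > n - hdr) return MGM_MALFORMED;
        if (tag == 0x81 && len == 1) stored = buf[hdr] & 0x02; /* key stored under PIN */
        if (tag == 0x82 && len > 0) salted = 1;                /* key derived from PIN */
    }
    return stored ? MGM_PIN_PROTECTED : salted ? MGM_PIN_DERIVED : MGM_MANUAL;
}

const char *mgm_hint(enum mgm_mode m) { /* text to show instead of the generic error */
    switch (m) {
    case MGM_PIN_PROTECTED: return "management key protected by PIN, use ykman instead of yubico-piv-tool";
    case MGM_PIN_DERIVED:   return "management key derived from PIN, use ykman instead of yubico-piv-tool";
    case MGM_MALFORMED:     return "admin data object is malformed";
    default:                return "management key is set manually";
    }
}

int main(void) {
    return puts(mgm_hint(classify_admin_data(SAMPLE_PROTECTED, sizeof SAMPLE_PROTECTED))) < 0;
}
```
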