tpm2: If unsealing results in policy hash mismatch when using RSA pubkey, possibly...

tpm2: If unsealing results in policy hash mismatch when using RSA pubkey, possibly retry

The commit e3acb4d24c68291376b11bea5787112978e2775f changed how we format a
TPM2B_PUBLIC object from an openssl PEM RSA key if it used the TPM-defined
"default" RSA exponent, to instead set the TPM2B_PUBLIC RSA exponent to the
special-case value of 0. This broke backwards compatibility with
previously-sealed data. The previous commit fixed our code to no longer use the
"special case" exponent value of 0, while this commit adds a fallback check for
any sealed data that used the exponent value of 0. Now unsealing should work
for sealed data that used either method (either 0 or the actual value).