Use smaller and safer EC keys, replacing 2048 bit RSA.
NID_X9_62_prime256v1 is roughly as secure as a 3072 bit RSA key, but way shorter.
Since we have to embed the key in the identity packet that is sent over UDP and
some stacks aren't happy with large UDP messages (notably: macos), I switched to
EC instead of to a longer RSA key.
This seems to be compatible with other clients even on older systems like Android 5.0.
I did stick with NID_X9_62_prime256v1 because stronger EC like NID_secp384r1 failed
the handshake (I didn't investigate why).
We now store the kind of key in the config, so we can know which kind of key we are loading.