Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

Home Page: https://www.trustedfirmware.org/projects/mbed-tls/

Sample programs should not depend on test code

gilles-peskine-arm opened this issue

Sample programs should not depend on test code. Users should be able to take a sample program's source code (just the .c file) and link it against Mbed TLS.

Note that this applies only to sample programs, not to test programs (programs/fuzz/*, programs/test/*, programs/ssl/*2.c). In addition, the use of test certificates in SSL sample programs is dubious, but it's a topic of its own (#9079).

In terms of build process, sample programs may need to be linked with test objects when the platform configuration points to test code (e.g. MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG). So programs/Makefile should avoid passing -I ../test/... but needs to link with ../test/src/*.o.

As of 3.6+cb854d5d19e05339448afb03839bee7f7e3ecd23, there is one call to an mbedtls_test_ function in programs/x509/cert_write.c.

Goal of this issue:

  • No more headers from tests/* included by programs except as follows:
    • programs/test/* and programs/fuzz/* may include test headers.
    • programs/ssl/ssl_test*, programs/ssl/ssl_client2.c, programs/ssl_server2.c may include test headers.
    • programs/ssl/* may include tests/certs.h.
  • Inasmuch as practical, do not pass -I .../test/... options in CFLAGS when compiling programs that should not depend on test code.

Duplicate of #8484
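The goal list in the issue can be turned into a source-level check. The following is an added example, not code from the issue or from Mbed TLS: it flags test-header includes and mbedtls_test_ calls in programs outside the listed exceptions. It assumes test headers are included under a test/ or tests/ path prefix, and the sample sources and helper names are constructed.

```python
import fnmatch
import re

# Exception lists transcribed from the issue's goal section.
ANY_TEST_HEADER_OK = ["programs/test/*", "programs/fuzz/*", "programs/ssl/ssl_test*",
                      "programs/ssl/ssl_client2.c",
                      "programs/ssl_server2.c"]  # path exactly as written in the issue
CERTS_ONLY_OK = ["programs/ssl/*"]

# Assumption: a test header is any include whose path starts with test/ or tests/
# (optionally behind ../ components).
INCLUDE_RE = re.compile(r'^[ \t]*#[ \t]*include[ \t]*[<"]((?:\.\./)*tests?/[^>"]+)[>"]', re.M)
# Calls to test helpers, which the issue identifies by the mbedtls_test_ prefix.
TEST_CALL_RE = re.compile(r'\bmbedtls_test_\w+[ \t]*\(')

def _allowed(path, patterns):
    return any(fnmatch.fnmatch(path, p) for p in patterns)

def find_violations(sources):
    """sources maps repo-relative path -> C source text.
    Returns a sorted list of (path, line number, offending text)."""
    found = []
    for path, text in sources.items():
        if not path.startswith("programs/") or _allowed(path, ANY_TEST_HEADER_OK):
            continue
        for m in INCLUDE_RE.finditer(text):
            if m.group(1).endswith("/certs.h") and _allowed(path, CERTS_ONLY_OK):
                continue  # SSL samples may still pull in the test certificates
            found.append((path, text.count("\n", 0, m.start()) + 1, m.group(1)))
        for m in TEST_CALL_RE.finditer(text):
            found.append((path, text.count("\n", 0, m.start()) + 1, m.group(0).rstrip(" \t(")))
    return sorted(found)

# Constructed sample sources (not the real files); the helper and header names
# other than certs.h are hypothetical.
SAMPLE = {
    "programs/x509/cert_write.c":
        '#include "mbedtls/x509_crt.h"\nint main(void)\n{\n'
        '    return mbedtls_test_hypothetical_helper();\n}\n',
    "programs/ssl/ssl_client1.c":
        '#include "test/certs.h"\n#include <test/hypothetical_helper.h>\n',
    "programs/test/selftest.c": '#include <test/hypothetical_helper.h>\n',
    "programs/pkey/gen_key.c": '#include "mbedtls/pk.h"\n',
}

if __name__ == "__main__":
    for path, line, what in find_violations(SAMPLE):
        print(f"{path}:{line}: depends on test code: {what}")
```

The regular expressions do not strip C comments or string literals, so a match inside either is reported as well.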