Use type-safe wrappers instead of EVP_PKEY_assign

In OpenSSL, these are macros, so they didn't get imported by bindgen,
but they're proper functions in BoringSSL and we'd prefer
callers use those for safety. For OpenSSL, just add the corresponding
functions in openssl-sys, matching how rust-openssl handles
EVP_PKEY_CTX_ctrl.

Using the type-safe wrappers flags that rust-openssl was trying to
convert DH to EVP_PKEY, but BoringSSL doesn't actually support this. (DH
is a legacy primitive, so we haven't routed it to EVP_PKEY right now.)