mbedtls: fix Mbed TLS Kconfig options

PR #72475 disabled default enabling of most Mbed TLS features.
This means that:

- CONFIG_MBEDTLS_CIPHER_AES_ENABLED needs to be manually enabled
  when required;
- CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC does not need to
  be (almost) always added because there is no default RSA
  key-exchange enabled, so PSA can be built without RSA support.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>