Use mlock() on private keys

I doubt apps using mbedtls usually run on “embedded devices” without swaps configured, but mlocking sensitive data is a good practice. openssl does it. It’d be a good idea if mbedtls does it, too.