Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

An administrator configures `encrypt:rsa:algorithm=OAEP` expecting OAEP (Optimal Asymmetric Encryption Padding) to be used for RSA encryption. Due to an incorrect BouncyCastle transformation string, the library silently falls back to PKCS#1 v1.5, which is the same algorithm as the `DEFAULT` setting [patch_id=6466796]. An attacker who can observe ciphertexts or exploit known weaknesses of PKCS#1 v1.5 (e.g., Bleichenbacher-style padding oracle attacks) may be able to decrypt or forge messages that the administrator believed were protected by OAEP. The precondition is that the application must be configured with `encrypt:rsa:algorithm=OAEP` and use the Steeltoe encryption library.

The bug is in `RsaKeyStoreDecryptor.cs` in the `CreateCipher` method. When the algorithm parameter is `"OAEP"`, the method previously called `CipherUtilities.GetCipher("RSA/ECB/PKCS1")`, which is PKCS#1 v1.5 padding, not OAEP. The patch corrects this to `"RSA/NONE/OAEPWithSHA1AndMGF1Padding"`.

The patch changes the BouncyCastle transformation string in `RsaKeyStoreDecryptor.cs` from `"RSA/ECB/PKCS1"` to `"RSA/NONE/OAEPWithSHA1AndMGF1Padding"` [patch_id=6466796]. This ensures that when `algorithm=OAEP` is configured, the library actually uses OAEP padding with SHA-1 and MGF1 as intended, rather than silently falling back to PKCS#1 v1.5. The patch also updates test vectors to use ciphertexts genuinely encrypted with OAEP by a Spring Cloud Config Server, and adds an integration test that encrypts via a live Config Server and decrypts with the Steeltoe library to verify correctness.