Remove support for cryptography < 3.4 (#878)

* Stop passing backend to cryptography.

* Make public_bytes() fallback the default.

* Remove compatibility code for older cryptography versions.

* Require cryptography 3.4+.

* Restrict to cryptography >= 3.4 in integration tests.

* Remove Debian Bullseye from CI.

It only supports cryptography 3.3.

* Improve imports.

* Remove no longer existing conditional.
Felix Fontein
2025-05-02 15:27:18 +02:00
committed by GitHub
parent e8fec768cc
commit 5231ac8f3f
102 changed files with 668 additions and 1217 deletions


@@ -121,7 +121,7 @@ notes:
- When using ca_cert on OS X it has been reported that in some conditions the validate will always succeed.
requirements:
- "Python >= 3.10 when O(get_certificate_chain=true)"
- "cryptography >= 1.6"
- "cryptography >= 3.4"
seealso:
- plugin: community.crypto.to_serial
@@ -292,14 +292,13 @@ from ansible_collections.community.crypto.plugins.module_utils.version import (
)
MINIMAL_CRYPTOGRAPHY_VERSION = "1.6"
MINIMAL_CRYPTOGRAPHY_VERSION = "3.4"
CRYPTOGRAPHY_IMP_ERR = None
try:
import cryptography
import cryptography.exceptions
import cryptography.x509
from cryptography.hazmat.backends import default_backend as cryptography_backend
CRYPTOGRAPHY_VERSION = LooseVersion(cryptography.__version__)
except ImportError:
@@ -528,9 +527,7 @@ def main():
result["cert"] = cert
if backend == "cryptography":
x509 = cryptography.x509.load_pem_x509_certificate(
to_bytes(cert), cryptography_backend()
)
x509 = cryptography.x509.load_pem_x509_certificate(to_bytes(cert))
result["subject"] = {}
for attribute in x509.subject:
result["subject"][cryptography_oid_to_name(attribute.oid, short=True)] = (