Remove incompatible API from PKCS netstandard2.0 lib

The package used to contain a reference assembly that did not describe
these members.  When the reference assemblies were removed from
the package, these members became visible; but they aren't present on
.NET Framework, so a netstandard 2.0 build that runs on .NET Framework
gets a lot of missing member exceptions.

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs

@@ -21,7 +21,11 @@ public sealed class CmsSigner
         private RSASignaturePadding? _signaturePadding;
 
         public X509Certificate2? Certificate { get; set; }
+#if NET || NETSTANDARD2_1
         public AsymmetricAlgorithm? PrivateKey { get; set; }
+#else
+        private AsymmetricAlgorithm? PrivateKey { get; set; }
+#endif
         public X509Certificate2Collection Certificates { get; } = new X509Certificate2Collection();
         public Oid DigestAlgorithm { get; set; }
         public X509IncludeOption IncludeOption { get; set; }
@@ -32,7 +36,12 @@ public sealed class CmsSigner
         /// Gets or sets the RSA signature padding to use.
         /// </summary>
         /// <value>The RSA signature padding to use.</value>
-        public RSASignaturePadding? SignaturePadding
+#if NET || NETSTANDARD2_1
+        public
+#else
+        private
+#endif
+        RSASignaturePadding? SignaturePadding
         {
             get => _signaturePadding;
             set
@@ -83,7 +92,12 @@ public CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2? c
         {
         }
 
-        public CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2? certificate, AsymmetricAlgorithm? privateKey)
+#if NET || NETSTANDARD2_1
+        public
+#else
+        private
+#endif
+        CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2? certificate, AsymmetricAlgorithm? privateKey)
             : this(signerIdentifierType, certificate, privateKey, signaturePadding: null)
         {
         }
@@ -105,7 +119,12 @@ public CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2? c
         /// <param name="signaturePadding">
         /// The RSA signature padding to use.
         /// </param>
-        public CmsSigner(
+#if NET || NETSTANDARD2_1
+        public
+#else
+        internal
+#endif
+        CmsSigner(
             SubjectIdentifierType signerIdentifierType,
             X509Certificate2? certificate,
             RSA? privateKey,

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/ContentInfo.cs

@@ -48,9 +48,11 @@ public static Oid GetContentType(byte[] encodedMessage)
             return PkcsPal.Instance.GetEncodedMessageType(encodedMessage);
         }
 
+#if NET || NETSTANDARD2_1
         public static Oid GetContentType(ReadOnlySpan<byte> encodedMessage)
         {
             return PkcsPal.Instance.GetEncodedMessageType(encodedMessage);
         }
+#endif
     }
 }

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/EnvelopedCms.cs

@@ -151,7 +151,12 @@ public void Decode(byte[] encodedMessage)
         /// <exception cref="CryptographicException">
         ///   The <paramref name="encodedMessage"/> parameter was not successfully decoded.
         /// </exception>
-        public void Decode(ReadOnlySpan<byte> encodedMessage)
+#if NET || NETSTANDARD2_1
+        public
+#else
+        internal
+#endif
+        void Decode(ReadOnlySpan<byte> encodedMessage)
         {
             if (_decryptorPal != null)
             {
@@ -219,7 +224,12 @@ public void Decrypt(X509Certificate2Collection extraStore)
             DecryptContent(RecipientInfos, extraStore);
         }
 
-        public void Decrypt(RecipientInfo recipientInfo, AsymmetricAlgorithm? privateKey)
+#if NET || NETSTANDARD2_1
+        public
+#else
+        internal
+#endif
+        void Decrypt(RecipientInfo recipientInfo, AsymmetricAlgorithm? privateKey)
         {
             if (recipientInfo is null)
             {

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Rfc3161TimestampRequest.cs

@@ -180,7 +180,7 @@ public static Rfc3161TimestampRequest CreateFromSignerInfo(
             // hash of the value of signature field within SignerInfo for the
             // signedData being time-stamped.
             return CreateFromData(
-                signerInfo.GetSignature(),
+                signerInfo.GetSignatureMemory().Span,
                 hashAlgorithm,
                 requestedPolicyId,
                 nonce,

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs

@@ -166,7 +166,12 @@ public void Decode(byte[] encodedMessage)
             Decode(new ReadOnlySpan<byte>(encodedMessage));
         }
 
-        public void Decode(ReadOnlySpan<byte> encodedMessage)
+#if NET || NETSTANDARD2_1
+        public
+#else
+        internal
+#endif
+        void Decode(ReadOnlySpan<byte> encodedMessage)
         {
             // Hold a copy of the SignedData memory so we are protected against memory reuse by the caller.
             _heldData = CopyContent(encodedMessage);
@@ -670,7 +675,12 @@ internal ref SignedDataAsn GetRawData()
             return ref _signedData;
         }
 
-        public void AddCertificate(X509Certificate2 certificate)
+#if NET || NETSTANDARD2_1
+        public
+#else
+        internal
+#endif
+        void AddCertificate(X509Certificate2 certificate)
         {
             int existingLength = _signedData.CertificateSet?.Length ?? 0;
 
@@ -704,7 +714,12 @@ public void AddCertificate(X509Certificate2 certificate)
             Reencode();
         }
 
-        public void RemoveCertificate(X509Certificate2 certificate)
+#if NET || NETSTANDARD2_1
+        public
+#else
+        internal
+#endif
+        void RemoveCertificate(X509Certificate2 certificate)
         {
             int existingLength = _signedData.CertificateSet?.Length ?? 0;