Distributed system web of trust provisioning
US-9866392-B1 · Jan 9, 2018 · US
US11757647B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11757647-B2 |
| Application number | US-202117320762-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 14, 2021 |
| Priority date | Mar 30, 2018 |
| Publication date | Sep 12, 2023 |
| Grant date | Sep 12, 2023 |
Official abstract text for this publication.
A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and stores a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.
Opening claim text (preview).
What is claimed is:
1. A processing device in a computing system, comprising: non-volatile data storage hardware, wherein the data storage hardware stores at least one secure credential that is uniquely associated with the processing device, wherein the secure credential includes a private key of a public-private key pair; and execution circuitry comprising at least one security accelerator and at least one processor core, the execution circuitry to perform operations to: access a symmetric wrapper key in a first memory of the computing system, the symmetric wrapper key associated with a client entity, wherein the symmetric wrapper key is encrypted in the first memory, and wherein the symmetric wrapper key is encrypted based on a public key of the public-private key pair; decrypt the symmetric wrapper key using the private key of the public-private key pair; access a client private key in a second memory of the computing system, the client private key associated with the client entity, wherein the client private key is encrypted in the second memory, and wherein the client private key is encrypted based on the symmetric wrapper key; decrypt the client private key with the symmetric wrapper key; and execute a computation in a trusted execution environment of the processing device, using the decrypted client private key, to produce a computation result for the client entity; wherein to execute the computation in the trusted execution environment includes to execute the computation with the processor core; and wherein the decrypted client private key is securely maintained by the execution circuitry and the execution circuitry prevents access to the decrypted client private key by an entity outside the trusted execution environment.
2. The processing device of claim 1, wherein the trusted execution environment is implemented using at least one secure enclave.
3. The processing device of claim 1, wherein the computation result is part of a client workload, wherein the client workload is executed with the processor core using at least one of: a virtual network function, a virtual machine, or a container.
4. The processing device of claim 1, wherein the secure credential is permanently set, and wherein the secure credential represents a root of trust to one of: a manufacturer of the security accelerator or the processing device; a distributor of the security accelerator or the processing device; an original equipment manufacturer of a product incorporating the security accelerator or the processing device; a credential authority; or an owner or system administrator entity of the computing system in which the processing device is deployed.
5. The processing device of claim 1, wherein the processing device comprises: a central processor unit (CPU); a system-on-chip (SoC); a smart network interface card (NIC); or a Peripheral Component Interconnect (PCI) Express device.
6. The processing device of claim 1, wherein the non-volatile data storage hardware includes a set of programmable fuses, and wherein the secure credential is stored using the programmable fuses.
7. The processing device of claim 1, the security accelerator further to perform at least one cryptographic operation for the computation.
8. The processing device of claim 1, the execution circuitry further to provide the computation result to the client entity via a secured communication.
9. The processing device of claim 1, wherein the client entity corresponds to a (i) customer, (ii) tenant, or (iii) operator of a virtual network function, a virtual machine, or a container configured to be executed with the processing device.
10. The processing device of claim 1, wherein the execution circuitry performs the operations based on instructions provided in firmware.
11. A method for secure operation of a processing device, comprising: identifying at least one secure credential that is uniquely associated with the processing device, wherein the secure credential includes a private key of a public-private key pair; obtaining a symmetric wrapper key, the symmetric wrapper key provided from a client entity, wherein the symmetric wrapper key is encrypted, and wherein the symmetric wrapper key is encrypted based on a public key of the public-private key pair; decrypting the symmetric wrapper key using the private key of the public-private key pair; obtaining a client private key, the client private key provided from the client entity, wherein the client private key is encrypted, and wherein the client private key is encrypted based on the symmetric wrapper key; decrypting the client private key with the symmetric wrapper key; and executing a computation in a trusted execution environment of the processing device, using the decrypted client private key, to produce a computation result for the client entity; wherein executing the computation in the trusted execution environment includes executing the computation with at least one processor core of the processing device; and wherein the decrypted client private key is securely maintained in the processing device and is inaccessible by an entity outside the trusted execution environment.
12. The method of claim 11, wherein the trusted execution environment is implemented using at least one secure enclave.
13. The method of claim 11, wherein the computation result is part of a client workload, wherein the client workload is executed with the processor core using at least one of: a virtual network function, a virtual machine, or a container.
14. The method of claim 11, wherein the secure credential is permanently set, and wherein the secure credential represents a root of trust to one of: a manufacturer of the processing device; a distributor of the processing device; an original equipment manufacturer of a product incorporating the processing device; a credential authority; or an owner or system administrator entity of a computing system in which the processing device is deployed.
15. The method of claim 11, wherein the processing device comprises: a central processor unit (CPU); a system-on-chip (SoC); a smart network interface card (NIC); or a Peripheral Component Interconnect (PCI) Express device.
16. The method of claim 11, wherein the at least one secure credential is stored in non-volatile data storage hardware, the non-volatile data storage hardware provided from a set of programmable fuses of the processing device.
17. The method of claim 11, further comprising: performing at least one cryptographic operation for the computation, using a security accelerator of the processing device.
18. The method of claim 11, further comprising: providing the computation result to the client entity via a secured communication.
19. The method of claim 11, wherein the client entity corresponds to a (i) customer, (ii) tenant, or (iii) operator of a virtual network function, a virtual machine, or a container configured to be executed with the processing device.
20. At least one non-transitory machine-readable medium, comprising instructions that, when executed by a processing device, cause the processing device to: identify at least one secure credential that is uniquely associated with the processing device, wherein the secure credential includes a private key of a public-private key pair; obtain a symmetric wrapper key, the symmetric wrapper key provided from a client entity, wherein the symmetric wrapper key is encrypted, and wherein the symmetric wrapper key is en
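The two-layer key wrapping that the abstract describes in outline and that claims 1 and 11 spell out (a symmetric wrapper key encrypted to the device-unique public key, the client private key encrypted under the wrapper key, both unwrapped and used only inside the trusted execution environment) can be shown end to end. The following is an added example written for this page, not code from the patent or from any implementer of it. The patent names no algorithms; the example assumes RSA-OAEP for the asymmetric layer, AES-256-GCM for the wrapper layer, an ECDSA P-256 key as the client credential, and models the enclave as a function scope that the plaintext client key never leaves. The fused credential is generated at start-up so the program runs stand-alone, and the `wrapper-key` / `client-key` labels are the example's own choice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

var wrapperLabel, clientLabel = []byte("wrapper-key"), []byte("client-key") // assumed labels; bind each blob to its slot
// Device models the processing device of claim 1; devicePriv stands in for the fused, device-unique private key.
type Device struct{ devicePriv *rsa.PrivateKey }

// NewDevice generates the device-unique key pair (permanently set at manufacture in the patent; generated here).
func NewDevice() (*Device, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Device{devicePriv: k}, nil
}

// PublicKey is the half the client learns, e.g. from a certificate chained to the manufacturer root of trust.
func (d *Device) PublicKey() *rsa.PublicKey { return &d.devicePriv.PublicKey }

// ProvisionedClient is what sits in host memory: two ciphertexts and a nonce, no plaintext key material.
type ProvisionedClient struct {
	WrappedWrapperKey []byte // "first memory": AES-256 key encrypted to the device public key with RSA-OAEP
	WrappedClientKey  []byte // "second memory": client private key (DER) sealed with AES-GCM under the wrapper key
	Nonce             []byte // GCM nonce for WrappedClientKey
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ClientProvision runs on the client: generate the wrapper key, encrypt it to the device public key,
// then encrypt the client's own private key under the wrapper key. Only ciphertext leaves the client.
func ClientProvision(devPub *rsa.PublicKey, clientPriv *ecdsa.PrivateKey) (*ProvisionedClient, error) {
	buf := make([]byte, 44) // 32-byte AES-256 wrapper key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapper, nonce := buf[:32], buf[32:]
	wrapped, err1 := rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, wrapper, wrapperLabel)
	der, err2 := x509.MarshalECPrivateKey(clientPriv)
	gcm, err3 := newGCM(wrapper)
	if err := errors.Join(err1, err2, err3); err != nil {
		return nil, err
	}
	return &ProvisionedClient{wrapped, gcm.Seal(nil, nonce, der, clientLabel), nonce}, nil
}

// SignInEnclave models the TEE step: unwrap the wrapper key with the device private key, unwrap the
// client key with it, sign, and drop both. The plaintext client key never leaves this function.
func (d *Device) SignInEnclave(p *ProvisionedClient, msg []byte) ([]byte, error) {
	wrapper, err := rsa.DecryptOAEP(sha256.New(), nil, d.devicePriv, p.WrappedWrapperKey, wrapperLabel)
	if err != nil {
		return nil, errors.New("wrapper key unwrap failed: blob is not encrypted to this device")
	}
	gcm, err := newGCM(wrapper)
	if err != nil {
		return nil, err
	}
	der, err := gcm.Open(nil, p.Nonce, p.WrappedClientKey, clientLabel)
	if err != nil {
		return nil, errors.New("client key unwrap failed: wrong wrapper key or tampered blob")
	}
	clientPriv, err := x509.ParseECPrivateKey(der)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, clientPriv, digest[:])
}

// VerifyResult is the client-side check of the computation result using only the client public key.
func VerifyResult(clientPub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(clientPub, digest[:], sig)
}

func main() {
	dev, _ := NewDevice()
	client, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	prov, _ := ClientProvision(dev.PublicKey(), client)
	sig, err := dev.SignInEnclave(prov, []byte("constructed request")) // constructed sample input
	fmt.Println("signed:", err == nil, "verifies:", VerifyResult(&client.PublicKey, []byte("constructed request"), sig))
}
```

Two properties of the claimed arrangement fall out of the construction: a provisioning blob encrypted to one device's public key cannot be unwrapped by a second device (the OAEP decryption fails), and any modification of the sealed client key is rejected by the AEAD tag before the key is ever parsed. In a real deployment the client would first verify the device certificate against the root of trust named in claim 4 before encrypting anything to the device public key; that attestation step is outside this example.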
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title
Hardware reduction or efficient architectures · CPC title
Providing cryptographic facilities or services · CPC title