Since this is super-high profile package, it needs to remove the dependency on dev-python/cryptography since the latter can no longer provide support for half of the keywords ca-certificates have. This package will be a major blocker for security cleanup of cryptography when another vulnerability is found.
https://bugs.gentoo.org/821706#c4 has a proposed patch.
https://github.com/gentoo/gentoo/pull/23087/commits/7d89b0ed63f96eb1a271b231d0a4cbf6163739f5 was merged a while ago.