I'm curious to know what the capabilities of the hardware are and if Apple is actually preventing the application developers from using all the features of the hardware chip.

At least some of the hardware accelerated AES and SHA is coming from the CPU capabilities of ARMv8-a and above. ARMv8-a is ARM-64, and you can see it via:

$ clang++ -arch arm64 -dM -E - < /dev/null | sort | egrep -i '(arm|aarch)'
#define __AARCH64EL__ 1
#define __AARCH64_SIMD__ 1
#define __ARM64_ARCH_8__ 1
#define __ARM_64BIT_STATE 1
#define __ARM_ACLE 200
#define __ARM_ALIGN_MAX_STACK_PWR 4
#define __ARM_ARCH 8
#define __ARM_ARCH_ISA_A64 1
#define __ARM_ARCH_PROFILE 'A'
#define __ARM_FEATURE_CLZ 1
#define __ARM_FEATURE_CRYPTO 1
#define __ARM_FEATURE_DIV 1
#define __ARM_FEATURE_FMA 1
#define __ARM_FEATURE_UNALIGNED 1
#define __ARM_FP 0xe
#define __ARM_FP16_FORMAT_IEEE 1
#define __ARM_FP_FENV_ROUNDING 1
#define __ARM_NEON 1
#define __ARM_NEON_FP 7
#define __ARM_NEON__ 1
#define __ARM_PCS_AAPCS64 1
#define __ARM_SIZEOF_MINIMAL_ENUM 4
#define __ARM_SIZEOF_WCHAR_T 4
#define __aarch64__ 1
#define __arm64 1
#define __arm64__ 1

With __ARM_FEATURE_CRYPTO in effect, you get access to the arm assembler instructions and arm intrinisics customarily found in <arm_neon.h> and <arm_acle.h>.

I don't know whether this is the same AES circuit on the DMA data path from storage to memory. I believe this AES is part of the Data Protection API announced in iOS 4.3.

You might be able to find the answer in Jean-Baptiste Bédrune and Jean Sigwald iPhone data protection in depth; and Dino Zavi's Apple iOS 4 Security Evaluation.