salsa: Salsa20/XSalsa20 stream ciphers

crypto::salsa provides an implementation of the Salsa20 and XSalsa20 stream
ciphers, per "Salsa20 specification" by Daniel J. Bernstein.

Use [[salsa20]] to create a stream and either [[xsalsa20_init]] or
[[salsa20_init]] to set handle, key and nonce of the appropriate size,
[[NONCESZ]] for salsa20 or [[XNONCESZ]] for XSalsa20. After calling the
appropriate init function, [[io::write]] may be used to encrypt blocks to the
handle or [[io::read]] to decrypt blocks from the handle. The stream must be
closed with [[io::close]] to wipe sensitive data from memory.

Writing blocks of length [[BLOCKSZ]] is not required. However, seeking the key
stream with [[setctr]] only operates in units of [[BLOCKSZ]].

This is a low-level module which implements cryptographic primitives. Direct use
of cryptographic primitives is not recommended for non-experts, as incorrect use
of these primitives can easily lead to the introduction of security
vulnerabilities. Non-experts are advised to use the high-level operations
available in the top-level [[crypto::]] module.

Be advised that Hare's cryptography implementations have not been audited.