* encrypted chunk header now encodes _only_ plain text length
* the AEAD tag length is implicitly added when reading/writing
* added better sanity checks for short blocks during decrypt
* io.ReadAtLeast() reports ErrUnexpectedEOF for less than a full chunk;
use this signal correctly
* major version bump to denote header incompatibility
* Refactored the private key protection to use standard AEAD
construction.
* Fix sanity check of decrypted block length to stay within verified
bounds
* Cleanup test harness to split into utility file (assert()); cleaned up
names of test functions.
* Fixed scrypt params to not take too long (N=2^19)
* Updated README with these changes
* Added support to read openssh public keys and encrypted private keys
* reworked private key handling
* made password the default; generating keys without password
requires explicit "--no-password"
* use protobuf for encryption-header
* use fixed size file-header (42 bytes) before the encryption-header
* add encryption/decryption contexts
* teach MakePrivateKey() to fixup its internal public key bits
