srtp: add SRTP_AEAD_AES_256_GCM support
This patch adds the SRTP_AEAD_AES_256_GCM cipher-suite to the SRTP protocol. This cipher-suite has been standardized by RFC 7714 since December 2015 [1].

This gives us extra security over the older AES-128, with only 64 bits of security (AES-256 has 128 bits of security). This AEAD cipher is also "constant-time", reducing the risk of side-channel attacks.

On performance, AES-GCM outperforms AES-HMAC if AES-NI CPU instructions are supported [2]. The drawback is that this is only supported on x86-like machines. If no hardware acceleration is available, AES-GCM performs as well as AES-HMAC (even a bit better).

See [3] and [4] for more details about this cipher and its advantages.

Important changes in the implementation:

This cipher uses a 32-byte master key and a 12-byte master salt.

** This cipher-suite requests 44 bytes of params (was 30 before) **

This implementation is based on the nettle AEAD-ciphers API and is compatible with the older implementation.

Notice that RFC 7714 requests a full authentication tag to be used, giving an extra 16 bytes added to the size of the encrypted input data.

** These extra 16 bytes have to be taken into account by the user **

Usage: pass the SRTP_AEAD_AES_256_GCM string as the suite argument and a 44-byte params argument (master key + salt) to ff_srtp_set_crypto. Use ff_srtp_encrypt and ff_srtp_decrypt as usual.

Tests: unit testing block, by compiling srtp.c as a binary and enabling the define TEST_SRTP_AEAD.

[1] https://tools.ietf.org/html/rfc7714
[2] https://crypto.stanford.edu/RealWorldCrypto/slides/gueron.pdf
[3] https://en.wikipedia.org/wiki/Authenticated_encryption
[4] http://crypto.stackexchange.com/questions/27243/what-is-the-advantage-of-aead-ciphers

Change-Id: I0ebab13986dc007cc002ff3618e716e5103c2770
Tuleap: #747