Add support for xwing kem

[quexten]

Adds feature flagged support for x-wing as per https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.

Note: This needs testvectors and has not been tested against other implementations yet.

[quexten]

I wanted to use the other rust HPKE implementation, but it looks like it does not have the correct KEM ID / differs from the IANA assignment: cryspen/libcrux#1215 (comment)

[quexten]

@rozbb I know the existing tests are against the reference go implementation (https://github.com/cisco/go-hpke) which does not implement the x-wing extension to hpke.

How would you prefer the test-vectors to be integrated here? An entirely separate file and implementation, such as libcrux (assuming the bug I link is resolved)?

[rozbb]

Thank you for this! I rebased and made some updates. Namely I needed to:

1. Fix DeriveKeyPair, because the one in the Conelly draft spec is NOT the one being standardized. This was helpful filippo.io/hpke-pq
2. Implement SHAKE256 as a KDF, which necessitated a refactor, since so many hashing functions relied on the KDF being an extract-and-expand-type KDF

[rozbb]

I still need to clean up a bit, but this is quite close to being ready. Let me know what you think!

[quexten]

Apologies, I meant to get back to this and review it, but thank you so much @rozbb for continuing the work on this~!

[rozbb]

Absolutely no worries. Thank you for providing such a nice first draft