Commit 04ba78ab authored by Gijs Peskens

New SRP crypto module

Clean re-implementation of imported SRP code that fixes some bugs and adds support for other crypto backends.

We now fully support all crypto via either MbedTLS or GnuTLS+Nettle+GMP, though for now MbedTLS remains preferred.

During the rewrite a bug was found in the old imported code that leads to incorrect hashes when mbedtls_sha256_update was used.
This bug unfortunately creates an incompatibility between wrongly and correctly hashing versions.
For compatibility reasons we still support the wrong hashing (only via MbedTLS); this is detected at runtime via the signalled RIST GRE version (old versions had version set to 0, the spec allows for version 1).
This also affects generated SRP files.
An extra identifier is added to each line to differentiate between broken and correct hashing.
Thus it's strongly recommended to update SRP files with correct hashing.
The ristsrppassword utility is updated to generate both correct and wrong hashes.
Calling applications should take care to use the new lookup callback and supply the correctly hashed verifier & salt when called with hashversion >= 1.

Also added to the lookup callback is a generation variable, which allows libRIST to cache verifier & salt.

We now also have (partial) unit tests for the SRP code, based on the example constants written in the spec. The example constants are unfortunately generated with the wrong hashing algorithm.
parent 6fb343f6
Branches master
Showing with 1540 additions and 1702 deletions