ed: Expose hazmat::raw_sign_byupdate() for streamed signing

[rozbb]

Currently, if you want to sign a serialized object, you have to serialize it in full, then sign it. When memory is constrained, this is hard.

This PR defines a function, hazmat::raw_sign_byupdate, which, rather than taking a single contiguous message slice, takes a Fn(&mut Digest) that knows how to update a hasher with the parts of the message. So, in the case of serialization, the closure will simply serialize each component to a small buffer, do h.update(buf), then fill the buffer with the next serialized component, etc.

This comes from discussion here, here, and hypothetical impl here.

This is feature-gated behind hazmat because it takes an expanded secret key, which is possible to catastrophically misuse.

@mkj

[rozbb]

I don't see any performance degredation

[mkj]

Thanks. I've tested this PR raw_sign_byupdate() works in my codebase, can the raw_verify_byupdate() also be added? Edit: not thinking - I should just be able to use StreamVerifier.

[mkj]

I guess raw_verify_byupdate() doesn't have any use, I think StreamVerifier covers all those cases.

[mkj]

Tested StreamVerifier works well for my purposes here. Thanks!

[tarcieri]

I think an &[&[u8]] API is a lot more foolproof, though this is more flexible