use blake2b_simd and blake2s_simd internally

Replace the internal implementation of BLAKE2b and BLAKE2s with calls to
the blake2b_simd and blake2s_simd crates. Those crates contain optimized
implementations for SSE4.1 and AVX2, and they use runtime CPU feature
detection to select the best implementation.

Running the long-input benchmarks on an Intel i9-9880H with AVX2
support, this change is a performance improvement of about 1.5x for
BLAKE2b and 1.35x for BLAKE2s.

This change deletes the undocumented `with_parameter_block` method, as
the raw parameter block is not exposed by blake2b_simd or blak2s_simd.
Callers who need BLAKE2 tree mode parameters can use the upstream crates
directly. They provide a complete set of parameter methods.

This change also deletes the `finalize_last_node` method. This method
was arguably attached to the wrong types, `VarBlake2b` and `VarBlake2s`,
where it would panic with a non-default output length. It's not very
useful without the other tree parameters, so rather than moving it to
the fixed-length `Blake2b` and `Blake2s` types where it belongs, we just
delete it. This also simplifies the addition of BLAKE2bp and BLAKE2sp
support in the following commit, as those algorithms use the last node
flag internally and cannot expose it.

blake2/Cargo.toml

@@ -12,6 +12,8 @@ keywords = ["crypto", "blake2", "hash", "digest"]
 categories = ["cryptography", "no-std"]
 
 [dependencies]
+blake2b_simd = { version = "0.5.10", default-features = false }
+blake2s_simd = { version = "0.5.10", default-features = false }
 digest = "0.9"
 crypto-mac = "0.8"
 opaque-debug = "0.3"
@@ -23,7 +25,7 @@ hex-literal = "0.2"
 
 [features]
 default = ["std"]
-std = ["digest/std", "crypto-mac/std"]
+std = ["digest/std", "crypto-mac/std", "blake2b_simd/std", "blake2s_simd/std"]
 simd = []
 simd_opt = ["simd"]
 simd_asm = ["simd_opt"]