block-buffer and block-padding improvements

[newpavlov]

This PR modifies block-buffer and block-padding APIs to reduce their surface and to make them mostly panic-free. Lack of panics in block-buffer was checked using godbolt. The relevant unsafe code line relies on the following invariant: pos is always strictly smaller than block size.

Because of this invariant I had to remove the input_lazy method, which was initially added for Skein. I think it will be better to later introduce a separate "lazy" buffer type. As a consequence it means that Skein will not be compatible with the core API introduced in RustCrypto/traits#380 (I think it could be eventually fixed with specialization). For most users it will be a barely noticeable implementation detail (i.e. Skein will simply implement the mid-level traits directly, without relying on the core wrapper), so considering relative unpopularity of hashes reliant on "lazy" buffers, I think it's a reasonable sacrifice.

Ideally we would use an Ada-like range type for pos (both the block-buffer field and the block-padding method argument), but without const generics such type probably will be quite unergonomic.

Closes #79

[newpavlov]

I have added the xor_data method, which should be useful for RustCrypto/stream-ciphers#95. I am not 100% sure it will be universal enough to unify buffering logic for one-pass AE and AEAD implementations, but it should be a good enough starting point.