Instantiate symmetric crypto primitives

[joebebel]

There is a nontrivial amount of symmetric crypto in the protocol, almost all of it should be provided by existing crates.

This task involves:

1. Finalizing choice of symmetric crypto primitives (e.g. ChaCha20, BLAKE2b, hash-to-curve, etc)
2. Integrating final choice(s) into the codebase and the protocol documentation.

I think the high priority for symmetric crypto choices should be:

1. Consistency within the entire Anoma protocol
2. Widespread use in the broader crypto and Rust community
3. High performance considerations (e.g. Chacha20 for mobile, AES-NI, etc)

[joebebel]

I think there is not any question about using ChaCha20 and BLAKE2b for right now, and unless there is something to debate about it, there are no further decisions to make.

The only remaining relevant open issue is implementing a key-committing AEAD for the transactions which can be built on top of the primitives we choose.

[joebebel]

The plan is to implement https://eprint.iacr.org/2020/1153.pdf over ChaCha20/BLAKE2b. It would be ideal to write this in an abstract way (perhaps in its own crate) where it can be easily reused. (Default license for such a crate should be gpl3 for now)