New encoding includes a version byte and enforced zero padding

[bobg]

This PR introduces version 2 of the id encoding. It embeds a leading version byte to make it easier to introduce future versions when and if needed.

It also eschews random bits (in the input to the cipher) in favor of zero padding. This is enforced at decoding time, ensuring that exactly one encoded string is valid for a given id and cipher key, instead of millions. This fixes #5.

The new encoding is not backward compatible; however, this change avoids needing a major-version revision in the API by introducing the new interface Versioner. If implemented by a KeyStore and it reports version 2 or greater, then encoding operations produce version-2 strings and decoding operations validate them as such; otherwise the old format is assumed.

The sqlite KeyStore implementation (which is also the one used by the encid command) keeps existing keystores at version 1 and uses version 2 for new ones.

I am deeply indebted to Reddit user u/skeeto for the report in #5 and for guidance in producing this PR.

Note that this improvement, like the rest of the code in this library, does not account for timing attacks.

[github-actions]

Modver result

This report was generated by Modver,
a Go package and command that helps you obey semantic versioning rules in your Go module.

This PR requires (at least) an increase in your module's minor version number.

minimum Go version changed from 1.20 to 1.21
  Minor