glome: improve public API documentation in glome.h

[FreezB11]

Summary

Improves the documentation of the three public functions in glome.h as requested in #167.

The existing comments were single-sentence descriptions that gave no guidance on parameter ownership, buffer requirements, or when to use each function. This change replaces them with detailed doc comments covering all of that.

Changes

glome_generate_key

• Describes the appropriate use case: ephemeral keys per session vs. long-lived service keys
• Documents both output buffers, their size requirements, and that the caller owns them and is responsible for zeroing the private key after use

glome_derive_key

• Clarifies when to use it: recovering the public half of a previously stored private key
• Makes explicit that the function does not modify or retain the private key it receives

glome_tag

• Explains the underlying mechanism: HMAC-SHA256 over a Diffie-Hellman derived shared secret
• Describes both operating modes separately: tag generation (verify=false) for the sender and tag verification (verify=true) for the receiver
• Documents every parameter individually, including the ownership direction change for tag depending on the value of verify
• Clarifies return value semantics for each mode

Closes #167.