Refactor Group Joining and fix External Inits

[kkohbrok]

This PR refactors the two sections on Group Joining (via Welcome and via External Init) by changing the GroupInfo struct that can be used for both cases. The external_pub used in the course of an External Init is added as an optional field. This PR also:

• removes the redundant ProtocolVersion in the GroupInfo
• adds a GroupInfoTBS struct to follow the convention of specifying a TBS struct for signed messages
• implicitly, the confirmed_transcript_hash and confirmation_tag is now used for external inits instead of the interim_transcript_hash, which was not sufficient to create a valid commit

[bifurcation]

So basically, we're converging the internal and external join cases as a result of fixing a bug in external join. Seems like a fine idea.

I will note that this promotes GroupInfo into a "public" / "on-the-wire" object, as opposed to always being wrapped in a Welcome. In the internal join case, the GroupInfo is always sent encrypted to the new joiner; in the external join case, it isn't necessarily encrypted (up to the application). Doesn't need to be a blocker, but might be worth elaborating on in an implementation document.

Marking as approved, but I would pretty strongly prefer that external_pub be in an extension vs. an optional field.

[bifurcation]

I would probably make this an extension (in other_extensions, like ratchet_tree) instead of an optional field.

[kkohbrok]

Thanks for the suggestions! I agree that it's a bit nicer to have an extension rather then an optional field.

[raphaelrobert]

Since it's now an extension, do we still need it here?

[kkohbrok]

Ah, sorry. Forgot to remove that one. Thanks!

[raphaelrobert]

I agree it's good to align PublicGroupState and GroupInfo!