Make default max scrypt work configurable #38

Closed
str4d opened this issue Dec 31, 2019 · 0 comments · Fixed by #51

str4d commented Dec 31, 2019

Currently, rage estimates the target work required for around 1 second of effort on the current machine, and then allows a work factor up to 2^4 higher, or around 16 seconds of effort. This is reasonable for interoperability within rage users, but is a problem for interoperability with the reference Golang implementation:

  • The SHA-256 implementation in the sha2 crate is pure-Rust, and much slower than the assembly-optimized one available in Golang.
  • age picks a work factor of 18 as the default, which is indeed about 1 second of effort on my laptop. But rage picks a work factor of 12 for the same effort, and thus its default max work factor is 16.
  • The UX effect is that age can decrypt rage-encrypted messages, but rage rejects age-encrypted messages with "Excessive work parameter for passphrase".

To address this, the default max work factor should be configurable. We should provide error-message feedback to the user when the work exceeds the currently-configured max work factor, letting them know what the max would need to be to decrypt the message, and we can use the work estimator to inform them how long it would likely take.
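A sketch of the check and error feedback proposed above, added here as an illustration; it is not code from rage or from the fix in #51. `Calibration`, `ExcessiveWork` and `check_work_factor` are hypothetical names, the timing sample is constructed, and the estimate assumes scrypt cost scales linearly with N = 2^(work factor).

```rust
use std::{fmt, time::Duration};

/// Headroom above the calibrated target described in the issue: 2^4 = 16x the work.
const DEFAULT_HEADROOM: u8 = 4;

/// One timing sample: scrypt at log2(N) = `log_n` took `elapsed` on this machine.
pub struct Calibration { pub log_n: u8, pub elapsed: Duration }

impl Calibration {
    /// Assumes cost is linear in N = 2^log_n, so the sample scales by 2^(delta).
    pub fn estimate_secs(&self, log_n: u8) -> f64 {
        self.elapsed.as_secs_f64() * 2f64.powi(i32::from(log_n) - i32::from(self.log_n))
    }
    /// Largest work factor whose estimated cost fits within `target`.
    pub fn target_log_n(&self, target: Duration) -> u8 {
        let t = target.as_secs_f64();
        (1..=63u8).take_while(|&n| self.estimate_secs(n) <= t).last().unwrap_or(1)
    }
}

#[derive(Debug, PartialEq)]
pub struct ExcessiveWork { pub required: u8, pub max: u8, pub estimated_secs: f64 }

impl fmt::Display for ExcessiveWork {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Excessive work parameter for passphrase: file requires work factor {}, \
                   configured max is {}; decrypting would take about {:.0} s here",
               self.required, self.max, self.estimated_secs)
    }
}

/// Check a file's work factor before running scrypt on it. The header value is
/// untrusted input, so the estimate is kept as f64 and cannot overflow or panic.
pub fn check_work_factor(cal: &Calibration, required: u8, configured_max: Option<u8>)
    -> Result<(), ExcessiveWork>
{
    let max = configured_max.unwrap_or_else(||
        cal.target_log_n(Duration::from_secs(1)).saturating_add(DEFAULT_HEADROOM));
    if required <= max { return Ok(()); }
    Err(ExcessiveWork { required, max, estimated_secs: cal.estimate_secs(required) })
}

fn main() {
    // Constructed sample: this machine needs 1 s at work factor 12, as in the issue.
    let cal = Calibration { log_n: 12, elapsed: Duration::from_secs(1) };
    for max in [None, Some(18)] {
        match check_work_factor(&cal, 18, max) {
            Ok(()) => println!("max {:?}: ok to decrypt", max),
            Err(e) => println!("max {:?}: {}", max, e),
        }
    }
}
```

With the default max of 16 the factor-18 file is rejected with the required value and a time estimate; with the max configured to 18 it is accepted.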
