Update to hash-to-curve draft 16, with some API adjustments

[andrewwhitehead]

• Adds a Message trait for use by expand_message rather than requiring the message to be a single [u8] (more flexibility for larger message values and no-alloc situations)
• Allows expand_message to be used with security levels other than k=128
• Removes lifetime parameters and the separate InitExpandMessage trait
• Moves unit tests to tests/ for compilation performance

[daira]

Breaking these across lines makes it a bit more difficult to review whether the test cases have changed.

[str4d]

Hey! This PR has been close to the top of our to-review list for months now, but just as it keeps getting close to "hey, we can start working on this now!" some other emergency pushes it back down. Part of the problem is our desire to review the delta from draft 12 to draft 16 and confirm there are no backwards-incompatible changes, but also this PR is very big and requires significant uninterrupted time to review (even though most of it appears to only be test moves, it does add to the review complexity).

I strongly want to get this in, and will continue to try and do so, but we do not have time to review it before the next crate release.

[str4d]

On the above point, I think it would be significantly easier to review this PR if it was split into two separate PRs: a move-only PR that moves the tests to tests/, and then this PR changing the API.