BACKPORT: crypto: blake2b - add blake2b generic implementation

The patch brings support of several BLAKE2 variants (2b with various
digest lengths).  The keyed digest is supported, using tfm->setkey call.
The in-tree user will be btrfs (for checksumming), we're going to use
the BLAKE2b-256 variant.

The code is reference implementation taken from the official sources and
modified in terms of kernel coding style (whitespace, comments, uintXX_t
-> uXX types, removed unused prototypes and #ifdefs, removed testing
code, changed secure_zero_memory -> memzero_explicit, used own helpers
for unaligned reads/writes and rotations).

Further changes removed sanity checks of key length or output size,
these values are verified in the crypto API callbacks or hardcoded in
shash_alg and not exposed to users.

Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

(cherry picked from commit 91d689337fe8b7703608a2ec39aae700b99f3933)

Conflicts:
	crypto/Kconfig
	crypto/Makefile

(trivial conflicts due to blake2s having been backported already)

Bug: 178411248
Change-Id: Ic4c2314b146434a5842facf56e58d3602bacc7d5
Signed-off-by: Eric Biggers <ebiggers@google.com>