Implementation of GMAC

[SalusaSecondus]

As requested in #1, this PR adds support for GMAC to RustCrypto.

Prerequisite needed: This change will not build until RustCrypto/traits#2367 is released as version 0.11.3.

As this is my first time contributing to a public rust project, please do not assume that any choices I made were based on strong consideration.

A few choices that I did make intentionally:

• I am implementing KeyIvInit because that seems most appropriate to the GMAC case.
• I am not implementing FixedOutputReset because resetting GMAC (to reuse the same IV) seems excessively dangerous.
• I am implementing Clone because I think it may be sufficiently useful and safe on the verification path. It is also needed for testing. However, I'll happily make the Clone trait only implemented when compiling for test code if you determine it is too dangerous.
• I did not use a macro to implement GMAC (unlike the CMAC implementation) because it felt an uncomfortable fit with GMAC's IV needs.
• I am implementing GMAC as a fixed length output because the Mac trait already exposes verify_truncated_left which does what we'd need.

Some specific questions:

• I haven't added the wycheproof vectors yet as they require more preprocessing and involve many negative cases. Do we believe they are worth it here?
• I haven't added benchmarks, should I?

DO NOT MERGE UNTIL

• Upstream change to digest is released as 0.11.3 to fix tests
• Re-build and thus regeneration of lock files
• Proper date added to CHANGELOG.md (or removal of that file from this PR)

[rozbb]

Nice! Maybe dumb question bc it might already be there: could you link the standard you’re following in the README, bc I can’t find it. Also where did the KAT blobs come from?