    Implement HKDF for transport encryption security. · 54d4781a
    Stef Walter authored
    This is to hash the results of the DH key agreement, since the
    generated key size rarely matches the size of our bulk
    encryption key size.
    
     * Add PKCS#11 algorithm CKM_G_HKDF_SHA256_DERIVE
     * Change DH code so it always generates keys of prime size.
     * Change CKM_DH_PKCS11_DERIVE mechanism to support truncating
       or expanding keys on its own (without help from underlying
       implementation) in accordance with PKCS#11. Although we no
       longer use this.
     * Add support for CKK_GENERIC_SECRET keys.
     * Update prompt code to use HKDF in key negotiation.
     * Add secret service dh-ietf1024-sha256-aes128-cbc-pkcs7 algo
       which replaces the previous.
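The derivation the commit message describes, as an added example that is not code from this commit: HKDF-SHA256 (RFC 5869) turns a prime-sized DH result into a 16-byte AES-128 key, and the value is left-padded to the prime size before hashing. The function names, the empty salt and info defaults, and the 128-byte (1024-bit) prime length are assumptions of this sketch.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: concentrate the input keying material into a PRK."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC 5869: absent salt means HashLen zero bytes
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch or truncate the PRK to exactly `length` bytes."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 output must be 1..8160 bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(shared: int, prime_len: int = 128, key_len: int = 16,
                       salt: bytes = b"", info: bytes = b"") -> bytes:
    """Derive a bulk key from a DH shared value (hypothetical helper).

    The value is left-padded to the prime size first, so both peers feed HKDF
    the same bytes even when the shared value happens to start with zero bytes.
    """
    ikm = shared.to_bytes(prime_len, "big")
    return hkdf_expand(hkdf_extract(salt, ikm), info, key_len)


if __name__ == "__main__":
    # Constructed sample: a small shared value standing in for a real DH result.
    shared = 0x00C0FFEE
    padded = derive_session_key(shared)
    # What a peer would get if it hashed the minimal encoding instead.
    stripped = hkdf_expand(hkdf_extract(b"", b"\xc0\xff\xee"), b"", 16)
    print("padded  :", padded.hex())
    print("stripped:", stripped.hex())
    print("keys agree:", padded == stripped)
```

If one peer hashes the padded encoding and the other the minimal one, the two session keys differ and decryption fails for the small fraction of exchanges whose shared value has leading zero bytes.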