briansmith / ring

Safe, fast, small crypto using Rust

aes-gcm: Make use of the optimized aarch64 implementation #1935

Closed vkrasnov closed 6 months ago

vkrasnov commented 6 months ago

Currently ring bundles an interleaved AES-GCM implementation for aarch64, but does not make use of it, instead calling AES-CTR + GHASH in succession.

This change makes use of the bundled implementation, resulting in speedups of 45% for AES-128-GCM and 55% for AES-256-GCM on an Apple M1 CPU.

codecov[bot] commented 6 months ago

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (c1e31b8) 96.22% compared to head (5ac1d08) 96.23%.

| Files | Patch % | Lines |
|---|---|---|
| src/aead/gcm.rs | 75.00% | 1 Missing :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1935      +/-   ##
==========================================
+ Coverage   96.22%   96.23%   +0.01%
==========================================
  Files         135      135
  Lines       20550    20632      +82
  Branches      226      226
==========================================
+ Hits        19774    19855      +81
- Misses        742      743       +1
  Partials       34       34
```


briansmith commented 6 months ago

I have now tested this on Windows 11 aarch64-pc-windows-msvc and verified that the implementation is selected and that the tests pass.

vkrasnov commented 6 months ago

And how is the performance on that platform?

briansmith commented 6 months ago

> And how is the performance on that platform?

I didn't run the benchmarks because I actually ran the test in Parallels on an M1 Mac. The only ARM64 Windows hardware I have is an original Surface Pro X (SQ1) tablet which isn't very relevant.