RSA/AEAD: Check for overflow during byte->bit length conversions.

[briansmith]

x.checked_shl(x) does NOT check the result against overflow; it only checks that the shift count isn't larger than the bitlength. Use x.checked_mul(8) instead of x.checked_shl(3) to get the correct effect.

This doesn't seem to have any impact as the inputs are already constrained by additional checks by the users of BitLength.

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 96.28%. Comparing base (9751924) to head (5f7a4c7).

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1998 +/- ## ======================================= Coverage 96.27% 96.28% ======================================= Files 139 139 Lines 20805 20805 Branches 226 226 ======================================= + Hits 20031 20032 +1 Misses 739 739 + Partials 35 34 -1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.