List DST used in expanding and hashing

[bytemare]

Currently, the list of HashTo* DST's used are:

Designation	Value	Used in	Defined in
skc h2s	"OPAQUE-HashToScalar"	DeriveAkeKeyPair()	OPAQUE
password h2c	?	VOPRF/Blind()	VOPRF
masking key h2s	?	VOPRF/DeriveKeyPair()	VOPRF
oprf finalize	?	VOPRF/Finalize()	VOPRF

Expand DST defined in OPAQUE used in the core mechanism	Designation	Value	Used in
external pad	"Pad"	BuildInnerEnvelope()
env mac key	"AuthKey"	CreateEnvelope(), RecoverEnvelope()
export key	"ExportKey"	CreateEnvelope() , RecoverEnvelope()
masking key	"MaskingKey"	CreateEnvelope(), RecoverEnvelope()
inner skc seed	"PrivateKey"	BuildInnerEnvelope(), RecoverKeys()
ku seed	"OprfKey"	CreateRegistrationResponse(), RecoverCredentials()
masking encryption	"CredentialResponsePad"	CreateCredentialResponse(), RecoverCredentials()

Expand DST defined in OPAQUE used in 3DH	Designation	Value	Used in
ake label prefix	"OPAQUE "	CustomLabel
handshake secret	"handshake secret"	Derive-Secret()
session secret	"session secret"	Derive-Secret()
3DH prefix	"3DH"	Derive-Secret() preamble
ake server auth	"server mac"	Key Schedule
ake client auth	"client mac"	Key Schedule
handshake encryption	"handshake enc"	Key Schedule
server info encryption	"encryption pad"	Key Schedule

It could be useful to have them listed in a section of the document and refer to them by constants in the functions where they are used. (This issue is a slight duplicate and must be in line and updated with the format consistency discussion in #157 )

[bytemare]

cc @kevinlewi

Also, I put the VOPRF DST values to "?" for now as they are still being discussed in #236 and #244.

[bytemare]

Closing this as it's actually a duplicate of the other one