Overall Cleanup

[hannestschofenig]

In this PR I did an overall cleanup:

• added an explanation about the ciphersuite allocation,
• text describing the aad and info parameters for COSE_Encrypt0 (but not yet for COSE_Encrypt), [This is old text]
• cleaned up remaining text about doc being "base mode" only (but nothing registered yet in terms of ciphersuites)
• Removed version number from ciphertext string (see https://github.com/cose-wg/HPKE/issues/34)

I also improved the wording of the text in the intro and the abstract.

@dajiaji @selfissued @laurencelundblade @OR13 @ilaril: Please have a quick look at it.

[ilaril]

1. The text seems to recommend using COSE_KDF_Context, which is problematic for two reasons:

• The keyDataLength value is self-contradictory (e.g. 16 and 12 at the same time).
• COSE_KDF_Context seems to map rather poorly to what applications might want to do.

2. There probably should be a table of abbreviations used in mode, kem, kdf and aead instead of repeating the same values multiple times.

3. On using modes other than base, there needs to be a parameters for the PSK identifier (for psk/authpsk) and sender key ID (for auth/authpsk). For the latter, "static key id" probably can be reused, but the first would require a new parameter (with bstr value).

4. There are very much nontrivial security considerations on using auth/authpsk mode. For one, using those modes with two-layer structure is insecure. These need to be restricted to one-layer structure.

[hannestschofenig]

Regarding COSE_KDF_Context: This is what COSE uses for the context information and it is old text from the earlier draft.

Regarding the cipher suite label: I don't want to introduce abbreviation table since we are not using the labels so often.

Regarding the modes other than Base mode: I agree that there is more work needed (including implementation work) but we have to start somewhere.

[OR13]

I suggest the PR be merged.