harden against "compromise via lattices"
make write functions return number of bytes written
update to latest stdlib changes
fixes to work with latest hare updates
memio changes i've missed
update to os::signal changes
update to memio
fix uninitialized values

This is a dirty fix to make it compile until a better solution/pattern
is found.
rsa: fix clearing privkey params on decode
export ssh::format::newkey
format::ssh: close base64 encoder at right moment

otherwise the padding will be written after the comment.
format::ssh: add rsa key support
Updates per crypto::aes changes
format::ssh: factor out newkey, free keys on err
make newed25519key allocate and return a pointer

It fits better, since there is only key_free, which only accepts a pointer to
finish keys and clear their contents.
decodesshprivate: make sure padding is freed
ssh::format: add functions to encode raw keys
Flesh out more kex/cipher initialization

This is half-baked because I think some serious refactoring is in order
kex: implement key material generation

Also lays some groundwork for cipher initialization