Refactor tr31_import() to use processing state object

* Create new internal processing state object to hold state related to
  the decryption and verification of key block payloads
* Move determination of encryption block size and authenticator length
  to tr31_state_init()
* Move computation of header length and payload length to
  tr31_state_prepare_import()
* Refactor payload decryption functions to avoid large stack
  allocations that might fail on embedded platforms. This is
  specifically a problem with key blocks containing asymmetric wrapped
  keys.
* Improve validation of decrypted key length to ensure that it is a
  multiple of 8 bits

At a high level, tr31_state_prepare_import() will populate a buffer
containing the key block header, binary payload and binary
authenticator. For format version A and C, this buffer can be used as-is
for CBC-MAC verification. For format version B and D, the decrypted
payload can easily be copied in such that the buffer can then be used
for CMAC verification.

This change is part of a wider effort to move the fields intended for
internal use out of the context object where they are visible to the
caller. Instead a new internal processing state object will hold these
fields and ensure that they are properly cleansed.