Stateful initialization of crypto backends

[geonnave]

In the cryptocell310 backend, I tested a change in the initialization code so that it only runs once after boot.
This reduced handshake time by ~80 milliseconds.
Here is the commit for that: geonnave@d58b2ae

The goal with this issue is to bring a similar change to the other crypto backends.

[chrysn]

As you pointed out, this could benefit from #103

I don't think it'd even need actual fields in the Crypto -- it could still be ZST, but it'd be only created through the initializer function:

#[derive(Copy, Clone)]
pub struct Crypto {
    _private: ()
}

/// Initialize the cryptography engine by doing some pre-computations.
///
/// unsafe: This writes to a static mut, and thus may only be called while no
/// [Crypto] struct exists. In particular, it is safe to call once, as this is the only
/// constructor of a Crypto.
unsafe fn edhoc_rs_crypto_init() -> Crypto {
    unsafe { /* one-time initialization stuff */ };
    Crypto { _private: () }
}

(If we want to do without unsafe, that's just as fine -- we can have a struct Crypto(CRYS_RND_State_t) with a safe constructor, and impl CryptoTrait for &Crypto, but with the unsafe C SaSi_LibInit etc functions around, it's probably easier this way.)