AEADs
Committing AEAD marker traits and generic constructions
This is a successor to the PR https://github.com/RustCrypto/traits/pull/1365.
Notes for the future as to schemes I chose not to implement:
- Appending a hash of the key to the tag: This scheme would provide key-commitment security, but it has catastrophic interactions with the naive key rotation scheme of replacing a key by hashing the existing one.
- CTX+: An attacker that obtains the inner tag of a ciphertext may be able to perform a length extension attack by extending the AAD to forge a new tag. (Admittedly, this is an unlikely attack scenario, but this consideration was what led me to create CTXish-HMAC instead of a CTX+ish-HMAC.)
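The first note above, worked through as an added example (not code from the PR or from RustCrypto): when the commitment and the rotation step are the same bare hash of the key, the commitment suffix published with every tag is the next key in the rotation chain. SHA-256, the function names, the 16-byte tag length and the HMAC label are assumptions made for illustration, and the AEAD tag is a random stand-in.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # assumed length of the underlying AEAD tag


def rotate_naive(key: bytes) -> bytes:
    """Naive rotation: the next key is the hash of the current key."""
    return hashlib.sha256(key).digest()


def commit_naive(key: bytes) -> bytes:
    """Key commitment computed as a bare hash of the key."""
    return hashlib.sha256(key).digest()


def commit_separated(key: bytes) -> bytes:
    """Commitment under a label that rotation never uses (hypothetical label)."""
    return hmac.new(key, b"example/key-commitment", hashlib.sha256).digest()


def seal_tag(key: bytes, aead_tag: bytes, commit) -> bytes:
    """Append the key commitment to the AEAD tag, as the note describes."""
    return aead_tag + commit(key)


def commitment_reveals_next_key(commit, rotate, trials: int = 8) -> bool:
    """True if the public commitment suffix equals the next key in the chain."""
    for _ in range(trials):
        key = os.urandom(32)
        aead_tag = os.urandom(TAG_LEN)  # constructed stand-in for a real AEAD tag
        wire_tag = seal_tag(key, aead_tag, commit)
        published = wire_tag[TAG_LEN:]  # visible to anyone holding the ciphertext
        if hmac.compare_digest(published, rotate(key)):
            return True
    return False


if __name__ == "__main__":
    print("bare hash commitment:", commitment_reveals_next_key(commit_naive, rotate_naive))
    print("labelled commitment: ", commitment_reveals_next_key(commit_separated, rotate_naive))
```

The labelled variant only shows that the two values stop coinciding; it is not a security argument for that construction.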