Add AES-GCM or ChaCha20Poly1305

[paulmillr]

aes is pretty bad. I know it's there for compatibility, but we should be also exposing GCM (+50-100 loc):

• CBC Padding is easy to misuse. CTR or GCM should be preferred to it
• GCM is better than CTR/CBC+HMAC (can be parallel; harder to misuse)
• GCM has AAD
• GCM is the only mode included in TLS v1.3. They've dropped all CTR/CBC ciphers!
• If ETH non-wallet apps are using encryption, they should definitely be using GCM, not CTR/CBC