gokrb5
rfc3962 zero handling on 32b
RFC3962 (4) stipulates that a 00 00 00 00 be changed to 2^32, which currently motivates using an int64, instead of an int, to hold its value when calling pbkdf2 to be compatible with 32 bit int platforms. However this motivates the use of a forked pbkdf2 package with an int64 function signature.
The RFC, in the same paragraph, says that an implementation may choose to limit their allowed iteration count. It seems like rfc3962.StringToKeyIter could avail itself of this option in the RFC: parse, to an int64, the requested iteration count, then check if it fits in an int and if it does, just cast and call Go's stdlib pbkdf2, and if it doesn't simply return an error, using the option provided in the RFC to impose a limit on the iteration count, instead of needing a new pbkdf2?
Doing so could avoid depending on / maintaining a pbkdf2 fork?
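The check proposed above, as an added Go example that is not part of the original post or of gokrb5's code. It assumes the parameters arrive as four raw octets; `iterCount`, `ErrIterCount`, `maxIter` and `intMax` are hypothetical names, and `intMax` exists only so the 32-bit case can be exercised on any platform.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// ErrIterCount reports a count this implementation declines to honour.
var ErrIterCount = errors.New("rfc3962: iteration count exceeds local limit")

// iterCount decodes the 4-octet big-endian iteration count. The value
// 00 00 00 00 means 2^32, so it is held in an int64 only while it is being
// validated. The result is a plain int, which is what a PBKDF2 function with
// an int iteration parameter accepts. maxIter is a hypothetical policy cap;
// intMax simulates the platform int width (pass math.MaxInt in real use).
func iterCount(params []byte, maxIter, intMax int64) (int, error) {
	if len(params) != 4 {
		return 0, fmt.Errorf("rfc3962: want 4 octets, got %d", len(params))
	}
	n := int64(binary.BigEndian.Uint32(params))
	if n == 0 {
		n = 1 << 32 // zero encodes 2^32 iterations
	}
	// Never exceed the real platform int, whatever intMax the caller passed.
	limit := min(maxIter, intMax, int64(math.MaxInt))
	if n > limit {
		return 0, fmt.Errorf("%w: %d > %d", ErrIterCount, n, limit)
	}
	return int(n), nil
}

func main() {
	// Constructed sample parameters: 4096, the zero special case, and 2^32-1.
	samples := [][]byte{{0, 0, 0x10, 0}, {0, 0, 0, 0}, {0xff, 0xff, 0xff, 0xff}}
	for _, p := range samples {
		n, err := iterCount(p, 1<<24, math.MaxInt)
		fmt.Printf("% x -> %d, err=%v\n", p, n, err)
	}
}
```

A policy cap well below the int range also bounds the CPU time a peer can demand by choosing the iteration count.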
This will require a change to public functions so will need a major version revision. I have merged the changes needed into the v9 candidate branch.