Replace the current key exchange with EC-HMQV

[wyatt-howe]

The paper only specifies that the key exchange has to happen inside a prime order (elliptic curve) group, but with the way they define it, I'm not sure this is possible with Ristretto.

[Sc00bz]

HMQV is patented until February 2026. If anything this should use Noise-KN and drop the encryption part (and do client_identity_private_key = pwKdf(...)). Also the encryption part is currently broken because it doesn't have "random key robustness" (see #5). The encryption part was added to OPAQUE so that HMQV can have an advantage vs 3DH and get people to use or vet IBM's patented AKE.