Integrate post-quantum ratchet SPQR.

This PR integrates a post-quantum ratchet (SPQR) into libsignal, using an API that maintains its own internal chain and provides per-message keys.  In doing so, it also aims to be fully backwards-compatible with current clients and stored session state.

## Backwards compatibility with current clients

Remote clients that connect to us or that we connect to may not have this integration.  If they don't, their SignalMessage wire format should still deserialize, and in doing so we'll receive an empty pq_ratchet field.  SQPR handles this internally, by downgrading the protocol version to "version 0" or "don't do anything".  Note that should we eventually want to disallow this, we can do so via increasing the `min_version` field passed into the SQPR init functions to V1.  This is also the method by which we would upgrade SQPR from v1 to a future v2, etc.

## Opt-in

The publicly facing API calls for this now expose an explicit opt-in via a passed-in `use_pq_ratchet` bool (and associated enums in language-specific APIs).  If false, they default to SQPR `v0`, IE: none.  If true, they try to set up SPQR on new sessions, but will downgrade if the remote party cannot or will not do the same.

rust/protocol/tests/support/mod.rs

@@ -33,12 +33,14 @@ pub async fn encrypt(
     remote_address: &ProtocolAddress,
     msg: &str,
 ) -> Result<CiphertextMessage, SignalProtocolError> {
+    let mut csprng = OsRng.unwrap_err();
     message_encrypt(
         msg.as_bytes(),
         remote_address,
         &mut store.session_store,
         &mut store.identity_store,
         SystemTime::now(),
+        &mut csprng,
     )
     .await
 }
@@ -47,6 +49,7 @@ pub async fn decrypt(
     store: &mut InMemSignalProtocolStore,
     remote_address: &ProtocolAddress,
     msg: &CiphertextMessage,
+    use_pq_ratchet: UsePQRatchet,
 ) -> Result<Vec<u8>, SignalProtocolError> {
     let mut csprng = OsRng.unwrap_err();
     message_decrypt(
@@ -58,6 +61,7 @@ pub async fn decrypt(
         &store.signed_pre_key_store,
         &mut store.kyber_pre_key_store,
         &mut csprng,
+        use_pq_ratchet,
     )
     .await
 }
@@ -155,6 +159,7 @@ pub fn initialize_sessions_v3() -> Result<(SessionRecord, SessionRecord), Signal
         *bob_identity.identity_key(),
         bob_base_key.public_key,
         bob_ephemeral_key.public_key,
+        UsePQRatchet::No,
     );
 
     let alice_session = initialize_alice_session_record(&alice_params, &mut csprng)?;
@@ -168,6 +173,7 @@ pub fn initialize_sessions_v3() -> Result<(SessionRecord, SessionRecord), Signal
         *alice_identity.identity_key(),
         alice_base_key.public_key,
         None,
+        UsePQRatchet::No,
     );
 
     let bob_session = initialize_bob_session_record(&bob_params)?;
@@ -193,6 +199,7 @@ pub fn initialize_sessions_v4() -> Result<(SessionRecord, SessionRecord), Signal
         *bob_identity.identity_key(),
         bob_base_key.public_key,
         bob_ephemeral_key.public_key,
+        UsePQRatchet::No,
     )
     .with_their_kyber_pre_key(&bob_kyber_key.public_key);
 
@@ -214,6 +221,7 @@ pub fn initialize_sessions_v4() -> Result<(SessionRecord, SessionRecord), Signal
         *alice_identity.identity_key(),
         alice_base_key.public_key,
         Some(&kyber_ciphertext),
+        UsePQRatchet::No,
     );
 
     let bob_session = initialize_bob_session_record(&bob_params)?;