This repository was archived by the owner on Feb 5, 2021. It is now read-only.

Implemented optimal CMAC calculation for WebCrypto #156

Open

Traktormaster wants to merge 4 commits into miscreant:develop from Traktormaster:develop

Conversation

@Traktormaster

I've found myself in a situation where this AES-SIV implementation would be great for use, but its performance was very lacking.

After digging a bit, I found that the CMAC calculation is very badly optimized and (unlike the PMAC) it should be trivial to improve.

I've basically solved the TODO in `cmac.ts` that said: use AES-CBC over a span of multiple blocks instead of `encryptBlock`, to encrypt many blocks in a single call to the WebCrypto API.

I've added the necessary interface changes and compatibility for the software AES fallback provider. Of course, the performance of that one is not any better. Unit tests are still passing.

In summary this change improved the performance of AES-CMAC-SIV.
For example, the encoding performance improved from 400KB/s to 120MB/s!

@Traktormaster
Author

The second optimization further reduces the number of CBC encrypt calls by batching the data together and only calling encrypt once in CMAC.finalize().

This helps some more when a lot of small messages are to be handled. For example, encrypting 2000 100-byte messages took 0.95 seconds before the second patch, while the same now needs only 0.6 seconds to complete. It's a ~30% improvement for this type of load. There is no performance change for encrypting a small number of large messages.

This has the trade-off of having to batch and prepare all the data in a single buffer. This uses more RAM, but is vastly superior in execution time.
