UnsoundPureKES and DirectSerialise API

[tdammers]

Description

This introduces two changes that are needed for introducing mlocked KES into ouroboros-consensus and implementing a KES agent:

• The DirectSerialise API, an abstraction that allows us to send key data over a socket connection directly from mlocked memory, without using any intermediate variables on the GHC heap that might leak secrets to disk
• Reinstating the non-mlocked KES API as UnsoundPureKES; this is necessary for a minimally disruptive migration path in ouroboros-consensus. We will use this API to keep the existing code, loading KES keys from disk, available, while adding KES agent connectivity (which will use mlocked memory throughout) as an alternative. Until all non-mlocked KES usage has been phased out, we will need to keep the UnsoundPureKES API around.

Checklist

• Commit sequence broadly makes sense and commits have useful messages
• New tests are added if needed and existing tests are updated
• All visible changes are prepended to the latest section of a CHANGELOG.md for the affected packages.
  New section is never added with the code changes. (See RELEASING.md)
• When applicable, versions are updated in .cabal and CHANGELOG.md files according to the
  versioning process.
• The version bounds in .cabal files for all affected packages are updated.
  If you change the bounds in a cabal file, that package itself must have a version increase. (See RELEASING.md)
• Self-reviewed the diff

[lehins]

Is that a replacement for #317 or an extension of it? Before I waste time on reviewing both I'd like to know what the actual plan is.