AES-GCM size and perf

[daverodgman]

Description

Size and perf improvements for AES-GCM.

Compared to v1.0.0:

• Neon performance increases by around 2.4x - 3.7x
• Scalar improves by 4-10%
• With MBEDTLS_AESCE_OPTIMISE_FOR_SIZE set, performance is +2-5% (clang) / 35% better (gcc) than v1.0.0, and size improves by around 750 bytes (clang) / 1400 bytes (gcc).
• Both size and perf improve in all cases

Neon performance is about 50% faster than OpenSSL.

This is based on #664.

Relative to v1.0.0:

cc	AESCE	ONLY_128	OPT_SIZE	size	AES-GCM-128	AES-GCM-192	AES-GCM-256
clang-17	0	0	0	9232 -532	270 +4%	248 +4%	228 +4%
clang-17	0	1	0	8968 -336	270 +5%
clang-17	1	0	1	2890 -761	3199 +2%	3193 +3%	3173 +4%
clang-17	1	0	0	3598 -53	8820 2.8x	8030 2.6x	7281 2.4x
clang-17	1	1	1	2702 -745	3224 +3%
clang-17	1	1	0	3374 -73	8970 2.9x
gcc-15	0	0	0	10012 -708	277 +10%	253 +9%	232 +10%
gcc-15	0	1	0	9660 -660	277 +10%
gcc-15	1	0	1	4150 -1352	3186 +34%	3177 +35%	3166 +34%
gcc-15	1	0	0	5130 -372	8892 3.7x	8253 3.5x	7671 3.3x
gcc-15	1	1	1	3930 -1400	3211 +30%
gcc-15	1	1	0	4810 -520	8908 3.6x

PR checklist

Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.

• changelog provided
• framework PR not required
• mbedtls development PR provided - this is it
• mbedtls 3.6 PR not required because: no functional change.
• tests not required because: already well tested