Use `kdf` traits for PBKDFs

[tarcieri]

Right now spake2 and srp suggest they should be used in conjunction with PBKDFs, but do not make it easy to do so or provide ready-made recipes for using them in conjunction with a PBKDF.

aucpace uses the password-hash crate to achieve this, then extracts the output from the computed password hash.

Instead, all of our PAKE implementations could use forthcoming traits from the kdf crate to abstract over PBKDF algorithms (i.e. that we have implemented in the https://github.com/RustCrypto/password-hashes repo)

See: RustCrypto/traits#1879

[tarcieri]

I opened a PR to the traits repo (RustCrypto/traits#2190) which describes a generalized PAKE API which uses the Pbkdf trait

[tarcieri]

All of the PBKDF algorithms in https://github.com/RustCrypto/password-hashes (except bcrypt-pbkdf, which lacked a type to attach it to) now impl Kdf and Pbkdf, so we have something to plug into on this side.

Perhaps as a start aucpace could be refactored to use the kdf traits instead of the password-hash traits (as I say that, the complexity in this use case is complicating an upgrade due to a complex bounds failure)