Rework AES-GCM code.

Defer all encryption/decryption to "final" calls. "Update" calls just cause
the input data and pointer to output buffer to be saved. This was previously
only the behavior for decryption with the macro `WE_AES_GCM_DECRYPT_ON_FINAL`
defined. I've made this the default now, after multiple support inquiries were
resolved by adding the macro to the user's build. I've done the same for
encryption to reduce complexity. I'm also pretty sure the implementation prior
to this commit didn't properly handle the GMAC case, but our tests didn't catch
it. This rework also resolves a curl integration bug discovered in ZD 13387.
Finally, it rids us of the need to cache tag errors, further reducing
complexity.

Author: haydenroche5