Support SHA-3 through mbedtls_md

[gilles-peskine-arm]

• Support the 4 SHA3 variants through mbedtls_md_xxx.
• Add corresponding unit tests.
• HMAC-SHA3 is not officially standardized, but is unambiguous and has a small amount of use. Attempting to use it (e.g. with mbedtls_md_hmac, or mbedtls_md_setup with hmac=1) must either work or return a documented error. Either way this must be unit-tested.

This is already done in #1549 but it require a major rebase.

Prerequisites:

• SHA-3 implementation: Implement Keccak-F, the Keccak sponge and SHA-3 #3751

[mpg]

Note: it looks to me like this might have been resolved by merging #7708, but I'm not familiar enough with SHA-3 to judge for myself at a glance if 7708 did everything mentioned here or if there are some items left todo here.

So, I'm not closing the issue, and leaving the decision to people more familiar with this - perhaps @gilles-peskine-arm or @daverodgman

[gilles-peskine-arm]

Completed in #7708 (including testing of HMAC).