Add some instrumentation and a note, for issue #2.

There is no behavioral change here, just some instrumentation and some
corresponding commented-out debugging print statements, plus a todo
note about a message authentication check that we should be doing.

* onetime
  (PadSession.__init__): Add a temporary field to remember the length
    of the compressed input.
  (PadSession.convert): Update that field.
  (PadSessionEncoder.finish): Add a commented-out debugging statement.
  (PadSessionDecoder.finalize): Same, plus a todo about message authn.
  (main): Add a commented-out debugging statement.

If you uncomment the debugging statements and encrypt-then-decrypt
README.md against tests/test-pad-1, like so

    ./onetime -n -p tests/test-pad-1 -e -o - README.md | tee tmp
    ./onetime -n -p tests/test-pad-1 -d -o - tmp

...you will see that the compressed input length is 191 in both calls,
and the tail fuzz length is 145.  Without the PadSessionEncoder.finish
adjustment added above, the compressed input length shows up as 336,
exactly as expected: 191 + 145, that is, the length of the compressed
input plus the tail fuzz.  (Head fuzz is not a factor here because we
don't start counting compressed input length until after head fuzz is
already done.)

In other words, what this instrumentation shows so far is everything
behaving exactly as it should.  But I want to do a few more manual
tests, before adjusting the test suite to expect the new numbers, and
of course to implement the fuzz checks for message authentication.