Add a pad authentication check

This doesn't work yet, and this commit has debugging prints.

* onetime
  (PadSession.__init__): Initialize _head_fuzz_hash.
  (PadSession._make_fuzz, PadSession._consume_fuzz_bytes):
    Take optional new hasher parameter, and update it.
  (PadSession._make_inner_header, PadSession._handle_inner_header):
    Update hash when creating or consuming head fuzz.
  (PadSession._verify_digest): Rename to...
  (PadSession__verify_digests): ...here, and verify both digests.
  (PadSession.finish): When encrypting, emit head fuzz digest too.