Go: x/crypto/sha3: add Keccak 256 support

/cc @agl @aead and other crypto folks.

I'm not a member of the Go team and this my personal opinion.

@pascaldekloe
I think adding more functions to the sha3 package isn't a good idea. The package already contains some complexity for its users (see the long doc). Further the package is named sha3 (not keccak), so it should implement the SHA-3 standard (and the "improved version" SHAKE).

Adam (@agl) once said:

Go only tries to meet the 90%-need in order to keep things simple.

I'm not sure whether it's worth to add a new keccak package - probably not. It would be basically a copy of the sha3 package - but of course @agl has to decide about this.

Keccak256 is just very small modification (1 byte modification!) to sha3, similar to shake better to extend sha3 package, not create a new one.

Based on discussion with @agl, @bradfitz, @ianlancetaylor, accepted with symbol name NewLegacyKeccak256.

Let us know if Ethereum also uses the 128 variant.

@FiloSottile Ethereum's Go code uses only 256 variant

for reference https://github.com/ethereumproject/go-ethereum/blob/master/crypto/sha3/hashes.go

Shall CL106462 be used to make the change or should I create a new one?

s/NewKeccak/NewLegacyKeccak/g and jettison the non-256bit variants?

Change https://golang.org/cl/106462 mentions this issue: sha3: add support for Keccak hash function

@FiloSottile Just saw this, wow :)

That said, could we also have NewLegacyKeccak512? The ethash PoW uses that too for the DAG calculation. https://github.com/ethereum/go-ethereum/blob/master/consensus/ethash/algorithm.go#L169

PS: @splix The link posted above is not from the upstream Ethereum project, rather the ETC fork of it.