Add example showing how to override NVM functions for encrypted data objects #134

@billphipps

Provide an example NVM implementation that replaces NvmAddObject and NvmRead to support encryption/decryption (AES-CTR) using ESSIV as the initial counter block, where the ESSIV key is user specified and the "sector number" is the SHA256/128 of the metadata.

The symmetric key can be left outside of the wolfHSM NVM, or it can be left within the NVM and recovered using a key decryption key.

Note this solution does not encrypt any metadata.

Expected configuration:

```c
uint8_t siv_key[32];
int siv_key_len;
uint8_t data_key[32];
int data_key_len;
void* low_level_nvm_config;
nvmcb low_level_nvm_callbacks;
void* low_level_nvm_context;
```

Helper function:
generate_icb(metadata)

  1. hash metadata using sha256(metadata) -> hash[32]
  2. encrypt the first 16 bytes of the hash using the auth key aes_ecb(auth_key, hash) -> iv[16]

AddObject pseudocode:

  1. Initialize AES context for CTR
  2. Set key and iv using context->key[context->key_size] and generate_icb[16].
  3. Encrypt data using AES in CTR mode using temp buffer
  4. Invoke low-level NVM callback to perform add object

Read pseudocode:

  1. Initialize AES context for CTR
  2. Compute iv using generate_icb() + offset to first used block
  3. Decrypt first partial block into temp buffer and discard
  4. Decrypt remaining into the output area
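
The Read steps above depend on deriving the counter for the first used block and discarding the leading partial block correctly. The following is an added example, not part of the original issue and not wolfHSM code: `block_fn`, `ctr_add`, `ctr_xcrypt_at` and the `demo_*` helpers are hypothetical names, the counter is assumed to increment as one 128-bit big-endian integer, and `demo_block` is a constructed stand-in for AES block encryption so the code runs without a crypto library.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16
/* One-block encrypt callback; AES with data_key in a real build (assumption). */
typedef void (*block_fn)(const void *key, const uint8_t in[BLK], uint8_t out[BLK]);

/* Constructed stand-in so the example runs offline. NOT a cipher. */
static void demo_block(const void *key, const uint8_t in[BLK], uint8_t out[BLK])
{
    const uint8_t *k = key;
    for (int i = 0; i < BLK; i++)
        out[i] = (uint8_t)((in[i] ^ k[i]) * 167u + in[(i + 5) % BLK] + i);
}

/* ctr = icb + n, treating the block as one 128-bit big-endian counter. */
static void ctr_add(uint8_t ctr[BLK], const uint8_t icb[BLK], uint64_t n)
{
    unsigned carry = 0;
    for (int i = BLK - 1; i >= 0; i--, n >>= 8) {
        unsigned s = icb[i] + (unsigned)(n & 0xff) + carry;
        ctr[i] = (uint8_t)s;
        carry = s >> 8;
    }
}

/* Encrypt or decrypt len bytes that sit at byte `offset` of the stored object. */
static void ctr_xcrypt_at(block_fn enc, const void *key, const uint8_t icb[BLK],
                          uint64_t offset, const uint8_t *in, uint8_t *out, size_t len)
{
    uint8_t ctr[BLK], ks[BLK];
    uint64_t blk = offset / BLK;          /* index of the first used block */
    size_t skip = (size_t)(offset % BLK); /* keystream bytes to discard */
    for (size_t done = 0; done < len; blk++, skip = 0) {
        ctr_add(ctr, icb, blk);           /* ICB + block offset */
        enc(key, ctr, ks);                /* keystream block */
        for (size_t i = skip; i < BLK && done < len; i++, done++)
            out[done] = in[done] ^ ks[i];
    }
}

/* Encrypt a constructed 45-byte object, decrypt only [off, off+len); 0 = match. */
int demo_partial_read(size_t off, size_t len)
{
    static const uint8_t key[BLK] = "constructed key";
    uint8_t icb[BLK], pt[45], ct[45], got[45];
    memset(icb, 0xff, BLK); icb[0] = 0x01; /* constructed ICB that forces a carry */
    for (size_t i = 0; i < sizeof pt; i++) pt[i] = (uint8_t)(i * 7 + 3);
    ctr_xcrypt_at(demo_block, key, icb, 0, pt, ct, sizeof pt);
    ctr_xcrypt_at(demo_block, key, icb, off, ct + off, got, len);
    return memcmp(got, pt + off, len);
}
```

Because the ICB is derived from the metadata hash, its low bytes can be anything, so the addition has to carry across the whole block rather than wrap within the last 32 or 64 bits.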

Labels: enhancement (New feature or request)