Add keccak::f1600x{2,4,8}

[bwesterb]

I'm working Rust implementations of hash-based signature schemes. For them it would be great to have parallel (x2, x4, x8) versions of f1600.

This simple PR adds such parallel versions using packed_simd.

On my old Haswell I see

test f1600         ... bench:         425 ns/iter (+/- 25)
test simd::f1600x2 ... bench:         648 ns/iter (+/- 13)
test simd::f1600x4 ... bench:         647 ns/iter (+/- 72)
test simd::f1600x8 ... bench:       1,635 ns/iter (+/- 12)

So f1600x4 takes 161ns for a single f1600, which makes it 2.6x faster than four f1600s.

Some notes

• packed_simd is still only available for nightly, so I've put these vectorized functions behind a feature gate.
• The f1600xn functions are created by a macro. We could instead create a trait for all operations we use on u64xn (and even u64) and make f1600x2, ... f1600x8 and f1600 instances of a _f1600<T>.

[dsprenkels]

On a coffeelake laptop (aang):

test f1600         ... bench:         318 ns/iter (+/- 8)
test simd::f1600x2 ... bench:         440 ns/iter (+/- 1)
test simd::f1600x4 ... bench:         457 ns/iter (+/- 143)
test simd::f1600x8 ... bench:       1,045 ns/iter (+/- 29)

On a skylake-AVX512 host (lilo6):

test f1600         ... bench:       1,052 ns/iter (+/- 14)
test simd::f1600x2 ... bench:         761 ns/iter (+/- 3)
test simd::f1600x4 ... bench:         802 ns/iter (+/- 44)
test simd::f1600x8 ... bench:       1,122 ns/iter (+/- 5)

[newpavlov]

Sorry for the late reply! I will try to review this PR in near future. Meanwhile can you add test vectors for the added functions?

[bwesterb]

I've added tests.

[bwesterb]

Have you taken a look?

[tarcieri]

Obsoleted by #8