Input buffers are not modified, so can be declared const arguments.
This will allow using `const` inputs for `modes/ccm`.
Also say `iv` const even if not required for the api update, just because it is
the case.
RFC3610 states that len_encoding is only valid for "0x0001 ... 0xFEFF"
If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two
octets which contain the value l(a) in most-significant-byte first
order.
Function is broken with num_bytes >= 4.
Could happen when storing input_len with len_encoding >= 4.
It can take values from 2 to 8, so make it work for cases it would overflow.
Maximum input_len depends only on length_encoding and not auth_data_len.
The current length_max value was also wrong.
RFC3610 page 2
3. The message m, consisting of a string of l(m) octets where 0 <=
l(m) < 2^(8L). The length restriction ensures that l(m) can be
encoded in a field of L octets.
`memcpy()` must not be used if the input and output ranges overlap,
because it is undefined if the data if copied from front to the end or
vice versa.
Found via valgrind.
