Kafkacrypto

Latest version: v0.9.11.1


Page 2 of 7

0.9.10.0

This release fixes one security issue, updates logging, and adds support for post-quantum secure key exchange. Specific changes:

1. Convert various exceptions to info messages to reduce clutter in logs and provide more informative detail.
2. Add construction and printing of a code version hash.
3. Add key exchange versioning. This changes the on-the-wire format, and is presently done in a backwards-compatible way through the legacy tunable.
4. Add support for the post-quantum secure hybrid key exchange algorithm Curve25519+sntrup761. This pairing was chosen because sntrup761 was not selected as a candidate for standardization by NIST, so it is not likely to see further tweaks, and it is already independently implemented in OpenSSH to provide post-quantum security. Right now this requires manually installing liboqs-python and changing a tunable to enable it.
5. Fix a security issue where a malicious, active MITM with a valid signing key could replace a key request random value with their own. It is not obviously exploitable beyond making denial of service easier. Controllers (if used) must be updated first.

As a consequence of the security fix, controllers must be updated first so that they no longer replace the random value with their own.

0.9.9.16

Not secure
This is a bugfix and enhancement release:
1. Make seek_to_beginning and seek_to_end function correctly and have a consistent calling convention in both the confluent_kafka and kafka_python wrappers.
2. Add support for passing confluent-specific parameters to the consumer subscribe call in confluent_kafka_wrapper.
3. Fix listener callback functionality in confluent_kafka_wrapper.

0.9.9.15

Not secure
This is a bugfix release to correct a single issue with consuming topics:

- Add support for seeking to beginning/end of TopicPartitions on assignment. This makes sure a kafkacrypto object correctly consumes all chains/allowlist/denylist messages (rather than only consuming them once a new message is produced to them).

This fixes a bug with intermittent consumers/producers not properly updating their signing chains.

0.9.9.14.post1

Not secure
This release corrects one typo in the forward-compatibility logic and description for librdkafka in confluent_kafka_wrapper.

0.9.9.14

Not secure
This is a bugfix release with a single change to ensure forward compatibility with the upcoming librdkafka 1.9.0:

- Update confluent_kafka_wrapper to properly handle errors due to commits with no offset in the synchronous case.

This ensures compatibility with a librdkafka bugfix that changes the behavior of commit calls on topics that are subscribed but not yet assigned.

0.9.9.13

Not secure
This is a bugfix release. Changes:

- Scope custom flush work-around in confluent_kafka wrapper to only affected versions. See [librdkafka#3633](https://github.com/edenhill/librdkafka/issues/3633).
- Make confluent_kafka consumer commit wrapper synchronous to match kafka-python API expectations.
- Add commit_async handler to confluent_kafka wrapper.
- Fix missing lock acquire in __update_spk_chain.
