Tird

- Update LOGO
- Add MANPAGE.md
- Rename some input options
- Update description

- Sanitize comments: prevent UnicodeDecodeError in some cases.
- Update blake2b personalization values.

- New cryptoblob structure:

512B 0+B
+----------+---------------+
| comments | file contents |
+----------+---------------+
16B 0+B | plaintext | 64B 0+B 16B
+------+---------+--------------------------+-----+---------+------+
| salt | padding | ciphertext | MAC | padding | salt |
+------+---------+--------------------------+-----+---------+------+
| urandom data | random-looking data | urandom data |
+----------------+--------------------------------+----------------+

- Use new cipher: ChaCha20-IETF instead of SHAKE256-based cipher.
- Add new dependencies: `pynacl` (provides `Argon2`) and `pycryptodomex` (provides `ChaCha20`).
- Use a new KDF: `Argon2` instead of `scrypt` and `catpig`.
- Rename: `mode` to `action`, `hide` to `embed`, `unhide` to `extract`.
- Compare MAC tags in costant time using `hmac.compare_digest()`.
- Do not encrypt MAC tags.
- Forbid unknown CLI options.
- Do not convert specified file paths (input, output, keyfiles) to realpath before opening fd.
- Update logo.
- Other minor improvements.

- Add `SECURITY.md`.
- Add `-d/--debug` option.
- Add type hints to Python code.
- Update color scheme for Linux terminal emulators.
- Improve handling of possible I/O errors.
- Remove personalization for keyed BLAKE2b (MAC).
- Remove personalization for BLAKE2b in modes 4, 5.
- Run garbage collection when keys are no longer needed (use `del` and `gc.collect()`).
- Add authentication tag by default.
- Change randomized padding scheme.
- Rename `metadata` to `comments` and make its size non-customizable (always 512 bytes).
- Set new `scrypt` parameters: n=2**20, r=8, p=1.
- Add salt when hashing keyfiles and passphrases using BLAKE2b.
- Set new salt sizes for KDF functions: 16 bytes.
- Add `catpig` v0.3.0 memory-hard password-hashing function before `scrypt` KDF.
- Show padding positions in modes 2, 6.
- Cipher simplification. Removing rounds, reducing block size to 64K. Now the ciphertext is obtained by XORing plaintext with the output of SHAKE256. This also results in easier handling of keyfiles.
- Remove custom options: `Debug`, `Number of rounds`, `Keystream block size`, `Randomized padding order`, `Derived key length`, `Metadata size`.
- Add new cusom options: `Catpig KDF space`, `Catpig KDF passes`.

Fix error: prevent accepting a passphrase that not confirmed

- Improve documentation.
- Metadata default size set to 512.
- Limit max metadata size; set MAX_METADATA_SIZE=16K.
- One KDF salt size set to 32.
- Changed metadata processing scheme. Metadata is now padded with random bytes instead of spaces.
- Approach to authenticated encryption changed to EtM.
- Improved debug messages.
- Improved dialogs and menu.
- Added BLAKE2b personalization.
- Added colors to terminal output (at least on Linux).
- Added randomized padding up to 20% of the message size by default.
- Added handling of possible I/O errors.
- Mode 9: Removed the ability to overwrite with identical bytes.
- Other minor improvements.