age: Add specification for the p256tag recipient type & stanza.

[remko]

As discussed in #31

The current version of the spec is implemented in the HEAD of age-plugin-se behind a hidden --recipient-type=p256tag flag. If you have a mac with a secure enclave, you can create an identity for testing:

$ brew install --head age-plugin-se
$ age-plugin-se keygen --recipient-type=p256tag -o key.txt
Public key: age1p256tag1qdy22pj4javt8l0c37d28nsrcepf9te0xs07j8stacysyh6dq5pm5gdvwfv

# No support for this in age yet. 
# Symlink age-plugin-se to age-plugin-p256tag if you want to run this without age support.
$ echo 'hello, world' | age --encrypt -r age1p256tag1qdy22pj4javt8l0c37d28nsrcepf9te0xs07j8stacysyh6dq5pm5gdvwfv -o hello.age

$ age -i key.txt --decrypt hello.age 
hello, world

[str4d]

The plugin protocol requires that this recipient be handled by the age-plugin-p256tag plugin and not by the native app, which I don't think is the intention. If we want to define a new recipient encoding that all age implementations are required to understand, it likely needs to be separate from the plugin namespace.

[nicoonoclaste]

It might be worth clarifying that the “identity” here refers to the private scalar in the abstract, with no encoding specified, and that the recipient's computation is (typically) not handled in software, if the intent is to hold a key inextricably in hw.

[nicoonoclaste]

Suggested change

	P256 is the scalar multiplication over P-256, with SEC 1 point decoding and
	encoding.
	P256 is the scalar multiplication over P-256, with SEC 1 point encoding.

No curve point is being decoded in that computation; plus, “encoding” (as a noun) can encompass both operations. ^^

[Disasm]

Also it might be a good idea to specify if point compression should be used or not.

[davidloiret]

typo, "assymetric" => "asymmetric"

[Foxboron]

I don't see Filippo tagged here for review, so friendly ping @FiloSottile