This behavior was completely unpredictable from the function name,
in particular when comparing it to other set_*_addr functions.

Since there's a tweak being introduced, this should be reflected
in the name of the functions.

This ensures that xmss_core and xmss_core_fast offer the same API.
Note that xmss_core_fast still needs a major refactor, and this
wrapper is not exactly very clean. There is a considerable chance
this refactor will change the format of the state in the secret key.

Previous code allocated an array on the stack of mlen bytes, but
it should be possible to also sign heap-space messages. By relying
on the fact that sm and m fit the message + signature, we move
the message so that 4*n bytes of prefix can be added.

This allows different backends to store additional state information
in the secret key while the rest of the codebase remains agnostic.

In particular, this prepares for a common xmss_core.h API for both
the standard and the BDS-traversal-based implementations.

Using global defines for parameters (as seems to be typical in
academic crypto code) does not play nice with multithreading at all.

This also performs numerous consistency fixes

A large number of functions was repeated in xmss_fast; these are now
shared between the two implementations via the xmss_commons file.
Notably, we ensure compatability by sharing the verification functions.

This starts a cleanup / refactor, but there is still some low-hanging fruit.

Versions are incompatible due to different address formats and differing message compression!

The bug occured for cases where d=3 and indicated
a lack of updates. Re-implementing the higher-level
structure of BDS resolved this.