ANDROID: fips140: add AES-CBC-CTS

AES-CBC-CTS is a FIPS allowed algorithm, and fips140.ko already has arm64 implementations of it. Meanwhile, GKI includes both these arm64 implementations as well as the "cts" template.

Add the "cts" template to fips140.ko too and add a self-test for AES-CBC-CTS, so that we can include AES-CBC-CTS in the set of algorithms which will be certified.

There appears to be no support for CBC-CTS mode in pycryptodome or python-cryptography, so I manually added the test vector.

As with a number of the other algorithms, the criteria for which algorithms need to be in the certified set are still not particularly clear, but the latest guidance we've received is to err on the side of including algorithms. Android uses AES-CBC-CTS for filename encryption, which may be relevant (though arguably this use case doesn't actually require a FIPS approved algorithm).

Bug: 153614920
Bug: 188620248
Change-Id: I53ffbd1d38493592eeaf471bc0007978ec400878
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit e2cfdfbc)