transform: Do not look at any bytes of PKCS#5 padding other than the last

transform: Do not look at any bytes of PKCS#5 padding other than the last

This might avoid some timing-related information leaks.  In principle
this is a protocol change: we now no longer use actual PKCS#5 padding;
instead, we use a padding scheme where all but the last byte of the
padding may be sent as anything and are ignored by the receiver.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>