server/peer.c, server/keyset.c: Fix key renegotiation behaviour.

server/peer.c, server/keyset.c: Fix key renegotiation behaviour.

The existing behaviour is just wrong.  Whenever an encryption fails, the
key exchange gets kicked politely.  If the challenge is still valid,
this does nothing very useful, so fix it so that it forces a new
challenge.  If there are no keys left at all, this results in a
pointless flood of key-exchange packets.

This change introduces error codes for the ks_* and ksl_* functions, so
that callers can work out what's wrong.  (This isn't strictly necessary:
there was enough information before, but it wasn't a good idea.)  I took
the opportunity to improve the header comments on the ks_* and ksl_*
functions.

It also changes peer.c to distinguish between the various cases.  This
change provides new peer-level convenience functions for doing the
symmetric crypto, which reduces the amount of duplicated code lying
around.