server/: Replace the Diffie--Hellman group abstraction.

Downside: this basically involves duplicating Catacomb's `group'
implementation.

Upside: I've been able to improve a few things.  Most notably, this new
abstraction covers scalars as well as group elements, which extends the
possibilities.  Because the new abstraction takes over responsibility
for tracing and reporting, I've been able to make group-specific
improvements.

More subtly, I've also introduced an additional group-element encoding
format.  Previously, there was the `buffer format' (a sequence of
length-prefixed items) and the `raw format' (a binary blob with a known
length, used in encrypted messages).  But there's an additional source
of length leakage for secret values, which is in hashing: so I've
introduced a new `hash format', which currently works the same as
`buffer' for compatibility's sake, but could later be switched -- say,
by a key attribute -- to work like `raw'.

I've also passed the key file and object through to the DH operations,
so that they can pick up additional attributes from the key.  Nothing
takes advantage of this yet, though.