This modularizes the IKEv2 key derivation, which makes certification (e.g.
FIPS) easier because it allows the two steps (PRF/prf+) to be implemented
by already certified third-party libraries.
For the existing third-party libraries, the two KDFs are implemented via
the respective library's HKDF implementation. A generic implementation,
based on existing PRFs, is provided by the new kdf plugin.