* Rename `struct rawkey' to `deriveargs', and document it;
* make `ks_derivekey' private in `bulkcrypto.c', and rename it
`derivekey';
* make the various contributions to the derived keys be optional and
handle them not existing sensibly; and
* cope with the idea that a caller might only want incoming or
outgoing keys, but not both.
This lays the groundwork for a separately usable public-key encryption
scheme based on the existing machinery, but this will come a bit later.