Also change the date outputs to include time zones.

Led to some bugfixing in the VFP code (generating proper error
messages).

Also fix a memory leak (after removing an addr_ent from the free list).

By using BASE64URLNOPAD from VMOD blob.

After the derive_prenonce() call, the local array cek, which had
the right value after the prior call to derive_cek(), was apparently
overwritten. So copy it before that can happen.

memcmp() is defined to return 0 when the length param is 0.

Changes in the keys are expected to be rare compared to key reads.
But when there are changes, they should be executed urgently (a
key may need to be changed because it has been compromised).

We are no longer using hard-wired keys.

This has entailed compiling it to an object file (rather than just
including it in vfp.c).

This has brought about some debugging in the decrypt VFP as well.

configure has a flag --enable-set-salt. When enabled, the salt for
an encryption can be set from a bereq header (base64 encoded),
rather than generating random salt. This makes it possible to test
encryption results against known values.

Necessary because of the way VFP works.

This entails having a max_chunk parameter, currently hard-wired to
match default fetch_chunksize, but will become configurable.

In a perfect world, max_chunk would be automatically set to the
current value of fetch_chunksize -- setting it larger would be
unsafe. But since we can't read cache_param without violating
the API, we can only warn users not to do that. *sigh*