`aes-kw`: add `zeroize` feature to clear key material in `AesKw` / `KwAes256` on drop

[Xynnn007]

Summary

aes-kw (v0.3.0) provides KwAes256 for AES Key Wrap (RFC 3394), but has no zeroize feature and does not clear expanded cipher state when AesKw is dropped.

Background

Typical JWE ECDH-ES+A256KW usage:

let cek = Zeroizing::new(Aes256Gcm::generate_key(&mut OsRng));
let wrapping_key_kdf = concat_kdf(ECDH_ES_A256KW, 32, &z)?;
let wrapping_cipher = KwAes256::new_from_slice(wrapping_key_kdf.as_slice())?;
wrapping_cipher.wrap_key(&cek, &mut encrypted_key)?;

cek and ECDH shared secret can be zeroized, but KwAes256 itself cannot be wrapped by Zeroizing and has no drop-time zeroization contract.

Current behavior

1. aes-kw has no zeroize feature.
2. It depends on aes 0.9, but does not enable aes/zeroize.
3. AesKw<C> is a wrapper around cipher: C with no Drop zeroization behavior.

Expected behavior

1. Add optional zeroize feature and propagate to aes/zeroize.
2. Implement ZeroizeOnDrop (or equivalent drop-time clearing) for AesKw<C> when inner cipher supports it.

Thanks to @Cropi 's work.