polyval: add avx2 to runtime CPU feature check (#316)

Fixes #315

The `cpufeatures::new!` macro in `avx2.rs` only checks for `pclmulqdq`:

    cpufeatures::new!(clmul, "pclmulqdq");

But the functions it guards are annotated with both `avx2` and
`pclmulqdq`:

    #[target_feature(enable = "avx2", enable = "pclmulqdq")]
    pub(super) unsafe fn expand_key(h: &[u8; 16]) -> ExpandedKey { ... }

On CPUs that support PCLMULQDQ but **not** AVX2 (e.g. Intel Pentium
Gold, Celeron, some Atom processors), the runtime check incorrectly
passes, AVX2-annotated functions are called, and the process crashes
with `SIGILL` on VEX-encoded instructions.

## Fix

```diff
-cpufeatures::new!(clmul, "pclmulqdq");
+cpufeatures::new!(clmul, "pclmulqdq", "avx2");
```

This ensures the intrinsics path is only used when both features are
available. CPUs without AVX2 correctly fall back to the software
implementation in `backend/soft.rs`.

## Testing

Verified on Intel Pentium Gold G5420 (PCLMULQDQ: yes, AVX2: no). Before
the fix, any AES-GCM operation crashed with SIGILL. After the fix,
polyval correctly uses the software fallback and all operations succeed.

Author: wittjeff

polyval/src/backend/intrinsics/avx2.rs

@@ -31,7 +31,7 @@ use core::arch::x86_64::*;
 /// P1 polynomial: x^63 + x^62 + x^57 = 0xC200000000000000
 const P1: u64 = 0xC200000000000000;
 
-cpufeatures::new!(clmul, "pclmulqdq");
+cpufeatures::new!(clmul, "pclmulqdq", "avx2");
 pub(crate) use clmul::InitToken;
 
 /// Byte array which is the inner type of `FieldElement`