AESSIV doesn't support nonce

[taylor-cedar]

The AESSIV class implemented in this PR and converted in this PR
encrypt function does not support nonce and instead passes b'' in as the nonce always. It appears to be changed in the rust version (don't know rust very well).

Can we add nonce as a param for AES SIV encrypt and decrypt? It feels like it should be required IMO, so people can opt-in to deterministic encryption instead of having it out of the box.

encrypt(self, data: bytes, nonce: typing.Optional[bytes], associated_data: typing.Optional[typing.List[bytes]])

[reaperhulk]

RFC 5297 section 3 describes how nonces work for SIV. The nature of the construction is such that, by convention, the "last" associated data provided is equivalent to a nonce. So the API supports this via passing the nonce as the last element in the associated data list. You can see sample code in the docs showing this as well.

[taylor-cedar]

Thanks @reaperhulk. I saw the docs, but misunderstood because it was getting passed in the associated data.