handle PKCS#7 authEnveloped-data

[dkg]

AuthEnvelopedData is basically AEAD applied to CMS in place of traditional encryption. It provides robust message integrity in addition to encryption.

See §3.4 of RFC 8551

It should probably behave in GMime in exactly the same way as EnvelopedData, but it's a different smime-type tag.

[jstedfast]

I'm discovering that this kinda-sorta at least depends on which encryption algorithm gets used. Algorithms like AES CBC are meant for enveloped-data but AES GCM and AES CCM are meant to be used as authenveloped-data as far as I can tell.

One question that would need to be determined is how to tell which smime-type to use based on what GnuPG/SM used as the encryption algorithm. I wonder if it provides such a hint? Better yet would be if GnuPG/SM told us directly which smime-type to use.

The next question I have right now (I haven't read the specs yet, I've only dabbled into this a tiny bit) is: do we need to do anything different when decrypting the content of an authenveloped-data part? I.e. what does it mean for the enveloped data to be "authenticated"? Does it mean there's a way to get digital signatures out of it? Or is this more like a CRC?