More kyber code refactoring

[xvzcf]

This PR is a grab-bag of various changes to Kyber to make things clearer, fix constant time issues and such:

• ntt.rs had code for both the NTT and functions that used the NTT in matrix/vector multiplication. These latter functions have been moved to a matrix.rs file.
• I renamed KyberPolynomialRingElement and KyberFieldElement to just PolynomialRingElement and FieldElement (they're in the Kyber code, so the Kyber prefix is uncessary)
• Some field elements are in the montgomery domain as they've been multiplied by R^{-1}, others have been multiplied by R, so multiplications take elements from the montgomery domain to the standard domain, some the other way around, so I added some type aliases and corresponding functions to try and document this. These type aliases could become tuple structs later
• I renamed the cbd function in ind_cpa.rs to sample_vector_cbd_then_ntt and expanded its use.
• I added two new constant-time functions for compressing and decompressing the coefficients of the message ring element, since the message is secret information
• The at_layer macros used in the NTT have been converted to functions that get inlined

[franziskuskiefer]

Please describe what this PR is doing.

[franziskuskiefer]

Thanks. Generally looks like good cleanup.
Let's add comments to things you're touching to get comments back in here.

[franziskuskiefer]

Thanks, only one nit.
Let's make sure to get laxing on CI before merging this. But otherwise this is good to go.

[karthikbhargavan]

All looks good, thanks.