crypto_box: test ChaChaBox against libsodium-generated test vectors

[tarcieri]

In RustCrypto/AEADs#295, the ChaChaBox construction was changed to the following (prior versions did not apply HChaCha20):

shared_key = hchacha20(x25519(alice_sk, bob_pk), [0u8; 16]))

In theory, this should be compatible with what libsodium implements:

https://github.com/jedisct1/libsodium/blob/e1fa9cc/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c#L45-L51

We should add test vectors generated by libsodium to ensure this is the case.