KeyWrap recipient doesn't actually verify KEK key_ops

[BrianSipos]

For direct key-wrap algorithms like A128KW, the current implementation of KeyWrap._compute_kek() returns just the k value and assumes that the key_ops is WrapOp or UnwrapOp for encrypt() and decrypt() respectively. This will allow a situation where a KEK is identified (e.g., by KID header) and found but has some other incompatible key_ops.

If the _compute_kek() returned the whole SymmetricKey, including its key_ops, then this check would be valid. As it is, the verify() following _compute_kek() is useless because the key_ops are forced instead of being read-in.