deny insecure parameters by default
Address Deltatar audit item 2.1: Violating data integrity using
passthrough mode.
The ciphertext is assumed attacker controlled. This allows a
downgrade to plaintext by setting the parameter version to
plaintext passthrough on an encrypted object, bypassing integrity
protection. Reduce the susceptibility to this attack by refusing
to continue if such a header is encountered in the input.
Passthrough mode is still available if the *insecure* flag is
passed to the constructors of the encryption / decryption
handles.