enable strict IV checking by default during decryption
Address Deltatar audit item 2.3: Ciphertexts can be re-ordered or
dropped when decryption is non-linear
Set *decryption* contexts to validate IVs unless the user opts out.
This requires sprinkling options for non-strict behavior wherever
a decryption context might be created, and disabling the strict
checking for APIs intended for use with possibly corrupted inputs.
During a normal *encryption* when only a single Encrypt handle is
used, the IVs are guaranteed unique. Strict tracking of IVs is
only necessary in testing and when working with multiple Encrypt
handles so used IVs are to be compared across handlers
afterwards. Thus we need not enable the ``strict_ivs'' option for
Encrypt handles.