On AArch64 systems without support for EOR3, assembly kernels
`aes_gcm_enc_kernel` and `aes_gcm_dec_kernel` from `aesv8-gcm-armv8.pl`
are used for the bulk of AES-GCM processing. These kernels have dedicated
tail code for handling inputs whose size is not a multiple of the
block size (16 bytes).

However, the unique call-site for `aes_gcm_enc_kernel` and
`aes_gcm_dec_kernel` in gcm.c only invokes them with data of
size a multiple of 16 bytes. This renders the tail code in
`aesv8-gcm-armv8.pl` dead.

Moreover, simply removing the truncation to 16-byte aligned data
in `gcm.c` -- that is, attempting to let `aes_gcm_{dec,enc}_kernel`
process the entire data -- leads to tests failing, which begs the
question whether the assembly is correct in this case.

This commit is a first step towards removing the tail code from
`aes_gcm_enc_kernel` and `aes_gcm_dec_kernel`, by reading it carefully
and checking how instructions simplify in the case of block-sized
data.