Reduce amount of SHA-256 operations when deriving keys

Calling Prk::new_less_safe results in at least 4 rounds of SHA-256.

This change reuses previosly created instances of Prk to reduce cost of
key derivation.

quiche/src/crypto/boringssl.rs

@@ -164,15 +164,17 @@ impl PacketKey {
         })
     }
 
-    pub fn from_secret(aead: Algorithm, secret: &[u8], enc: u32) -> Result<Self> {
+    pub fn from_secret_prk(
+        aead: Algorithm, secret_prk: &hkdf::Prk, enc: u32,
+    ) -> Result<Self> {
         let key_len = aead.key_len();
         let nonce_len = aead.nonce_len();
 
         let mut key = vec![0; key_len];
         let mut iv = vec![0; nonce_len];
 
-        derive_pkt_key(aead, secret, &mut key)?;
-        derive_pkt_iv(aead, secret, &mut iv)?;
+        derive_pkt_key(aead, secret_prk, &mut key)?;
+        derive_pkt_iv(aead, secret_prk, &mut iv)?;
 
         Self::new(aead, key, iv, enc)
     }