luks: Add XTS cipher mode support for LUKS2

Add support for AES-XTS cipher mode in addition to the existing
AES-CBC-ESSIV support. This is the default cipher for LUKS2 volumes.

The cipher mode (CBC/XTS) is obtained from the LUKS1 cipher_mode or
LUKS2 encryption metadata.

XTS mode uses 512-byte block numbers for IV generation (plain64),
matching dm-crypt behavior. LUKS2 typically uses 4096-byte sectors
for XTS encryption but the IV is based on 512-byte block numbers.

Fix the blkmap-size calculation to exclude the LUKS header/payload
offset.

Update the LUKSv2 test to check reading a file.

Series-to: concept
Cover-letter:
luks: Support the AES-XTS cipher mode
This series finishes off the implementation of LUKSv2, adding support
for the common cipher mode and testing that files can be read from the
disk.

It includes a fix for using the correct size when mapping the crypt, as
well as some refactoring to split up the code a little better.
END

Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Simon Glass
2025-11-12 04:40:53 -07:00
parent ed94d01b71
commit a2b25780a4
5 changed files with 252 additions and 13 deletions

@@ -287,12 +287,9 @@ static int bootstd_test_luks2_unlock(struct unit_test_state *uts)
desc = blk_get_devnum_by_uclass_idname("blkmap", 0);
ut_assertnonnull(desc);
/* at present this fails due to incorrect decryption */
if (0) {
ut_assertok(fs_set_blk_dev_with_part(desc, 0));
ut_assertok(fs_size("/bin/bash", &file_size));
ut_asserteq(5, file_size);
}
ut_assertok(fs_set_blk_dev_with_part(desc, 0));
ut_assertok(fs_size("/bin/bash", &file_size));
ut_asserteq(5, file_size);
/* Test unlocking with wrong passphrase */
ut_asserteq(1, run_command("luks unlock mmc c:2 wrongpass", 0));
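Review bot: the newly enabled assertions only call fs_size() on /bin/bash and compare the result against 5, so they show that filesystem metadata decrypts correctly but never read the file's data, which is what the commit message says the test now checks. Consider following the size check with a read of the file and a comparison of its contents. Since the commit message notes that the IV advances in 512-byte block numbers while encryption uses 4096-byte sectors, a test file larger than one sector would also catch an IV-stepping error that a 5-byte file cannot.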