Set vZZ.16b register to zero before use in armv8 gcm implementation
* cipher/cipher-gcm-armv8-aarch64-ce.S (_gcry_ghash_setup_armv8_ce_pmull): Set vZZ to zero.
Cherry-pick of master commit 79ed620ec46adbb08f5cea6a4865a95a436e4109.
Reported by "Marvin W." at https://dev.gnupg.org/D497:
The register vZZ.16b is expected to be always 0 throughout the macros
in cipher/cipher-gcm-armv8-aarch64-ce.S. The PMUL_128x128 and REDUCTION
macros are used in gcry_ghash_setup_armv8_ce_pmull function, however that
function does not set vZZ.16b to zero. If previous use left vZZ.16b
non-zero before gcry_ghash_setup_armv8_ce_pmull is called, this will cause
invalid GCM auth tag results. The patch resets vZZ.16b to 0 at the beginning of
gcry_ghash_setup_armv8_ce_pmull.
[jk: from differential web-ui to commit]
- Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>