
Introduce Packet Criticality based on Packet Tags

Justus Winter requested to merge justus/strict-grammar-partitioned-tagspace into main

Partition the Packet Tag space into critical and non-critical.

This introduces the concept of Packet Criticality. If an unknown critical packet is encountered in a Packet Sequence, the whole sequence MUST be rejected. On the other hand, unknown non-critical packets MUST be ignored. This provides a way to extend the protocol in a forward-compatible way.

The idea of Packet Criticality is borrowed from the Signature Subpacket Framework, where it can be toggled independently from the Subpacket Tag. This is possible because the critical flag is protected by the signature.

On the other hand, the integrity of Packet Framing is not (usually) protected, hence may be altered by an attacker. Therefore, we bind Packet Criticality to the Packet Type: now altering the criticality alters the type, changing its semantics at the same time.

We also tighten the rules with regard to unexpected packets in Packet Sequences: known, non-critical, yet unexpected packets are not allowed. Picture that we introduce a non-critical packet in the future that only makes sense in an OpenPGP Message sequence. Implementations that don't yet know this packet will consider it unknown, and hence will unfortunately accept it in a TPK. But implementations that do know this packet should reject it in a TPK, because it is now known but unexpected.

This is an alternative to !189 (closed).
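The three rules in the description (reject unknown critical, ignore unknown non-critical, reject known-but-unexpected) and the forward-compatibility scenario from the last paragraph, as an added toy example. This is not Sequoia's code and not the MR's actual partition of the tag space: the critical/non-critical split (`tag < 32`), the invented non-critical tag 40, and the per-sequence grammars are all assumptions made here for illustration. The example is run twice, once with an "old" implementation that does not know tag 40 and once with a "new" one that does, to show why the old one accepts tag 40 in a TPK while the new one rejects it.

```rust
// Added example (not Sequoia's code). Tag partition, tag 40 and the
// grammars below are assumptions for illustration only.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Sequence {
    Tpk,
    Message,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict {
    /// Tags that survive filtering (unknown non-critical packets are dropped).
    Accept(Vec<u8>),
    Reject(String),
}

/// Assumed partition of the 6-bit tag space: tags below 32 are critical,
/// 32..=63 are non-critical. Criticality is a function of the tag alone, so
/// an attacker who flips it in unprotected framing also changes the type.
pub fn is_critical(tag: u8) -> bool {
    tag < 32
}

/// What an implementation knows: for a tag, the sequences it may appear in,
/// or None if the tag is unknown to that implementation.
pub type Knowledge = fn(u8) -> Option<&'static [Sequence]>;

const TPK_ONLY: &[Sequence] = &[Sequence::Tpk];
const MESSAGE_ONLY: &[Sequence] = &[Sequence::Message];
const BOTH: &[Sequence] = &[Sequence::Tpk, Sequence::Message];

/// "Old" implementation. Real OpenPGP tags used here: 2 = Signature,
/// 6 = Public-Key, 13 = User ID, 14 = Public-Subkey, 11 = Literal Data,
/// 18 = SEIPD. It has never heard of the hypothetical tag 40.
pub fn old_impl(tag: u8) -> Option<&'static [Sequence]> {
    match tag {
        6 | 13 | 14 => Some(TPK_ONLY),
        2 => Some(BOTH),
        11 | 18 => Some(MESSAGE_ONLY),
        _ => None,
    }
}

/// "New" implementation: additionally knows the invented non-critical
/// tag 40, which only makes sense inside an OpenPGP Message.
pub fn new_impl(tag: u8) -> Option<&'static [Sequence]> {
    match tag {
        40 => Some(MESSAGE_ONLY),
        t => old_impl(t),
    }
}

/// Apply the criticality rules to a packet sequence given as a list of tags.
pub fn validate(knows: Knowledge, seq: Sequence, tags: &[u8]) -> Verdict {
    let mut kept = Vec::new();
    for &tag in tags {
        match knows(tag) {
            // Unknown critical packet: the whole sequence MUST be rejected.
            None if is_critical(tag) => {
                return Verdict::Reject(format!("unknown critical packet tag {}", tag));
            }
            // Unknown non-critical packet: MUST be ignored.
            None => continue,
            // Known and allowed in this sequence: keep it.
            Some(ctx) if ctx.contains(&seq) => kept.push(tag),
            // Known but unexpected here: reject, even though it is non-critical.
            Some(_) => {
                return Verdict::Reject(format!(
                    "known packet tag {} is unexpected in {:?}",
                    tag, seq
                ));
            }
        }
    }
    Verdict::Accept(kept)
}

fn main() {
    // Constructed TPK carrying the hypothetical tag 40 between key and user ID.
    let tpk = [6u8, 40, 13, 2, 14, 2];
    println!("old: {:?}", validate(old_impl, Sequence::Tpk, &tpk));
    println!("new: {:?}", validate(new_impl, Sequence::Tpk, &tpk));
}
```

The contrast between the two runs on the same constructed TPK is exactly the situation the last paragraph describes: the old implementation treats tag 40 as unknown and non-critical and silently drops it, while the new one recognises it as a Message-only packet and rejects the TPK.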
