Add signature check to bootloader #7007

Closed
kYc0o wants to merge 21 commits into RIOT-OS:master from kYc0o:bootloader_with_signature

kYc0o commented May 4, 2017

Based on #6922.

This update adds signature capabilities to the metadata generator, which will sign the hash of the firmware and store the signature in the metadata.

This approach utilises tweetnacl, with the ed25519 curve, to sign the hash.

A couple of example keys are provided with this PR, which can of course be replaced.

Since tweetnacl needs a considerable amount of ROM, the interactive bootloader doesn't fit in the 16K originally allowed to it, so it's disabled by default.

In order to test it, you can compile any image with the following command:

```
make FW_SLOT=1 APPID=0xabcd1234 VERSION=0x1 bootloader
```

which will generate a file in the bin/BOARD/slot1/ directory called bootloader-APPLICATION.elf, which can be flashed into the node.

If everything goes well, you should be able to see an output similar to

```
Welcome to RIOT bootloader!
[bootlaoder] Cheking for slots metadata...
[bootlaoder] Found slot 1 with APPID: 0xabcd1234
[bootloader] Slot 2 not valid
[bootloader] Warning! application IDs are different!
[bootloader] falling back to slot 1
Firmware Size: 77688
Firmware Version: 0x1
Firmware APPID: 0xabcd1234
[bootloader] Image on slot 1 verified! Validating...
[bootlaoder] slot 1 validated! Booting...
main(): This is RIOT! (Version: 2017.04-devel-928-g1e69c-snake.lan-bootloader_with_signature)
```

if you have nothing on slot 2, which will verify and boot slot 1.

As in #6922, you can also generate images for the slots independently of the bootloader (to send them OTA, for example), which will be signed by default.

As for the other PRs related to this one, it only works on the iotlab-m3 platforms, for now.

kYc0o added the "Platform: ARM" and "Type: enhancement" labels May 4, 2017
kYc0o added this to the Release 2017.07 milestone May 4, 2017
kYc0o force-pushed the bootloader_with_signature branch 3 times, most recently from 530c28a to ad1b281 May 12, 2017 12:51
kYc0o force-pushed the bootloader_with_signature branch from ad1b281 to 5932b11 May 22, 2017 13:41
kYc0o force-pushed the bootloader_with_signature branch from 5932b11 to c1bc5e2 June 9, 2017 16:32
kYc0o added the "State: waiting for other PR" label Jun 9, 2017
kYc0o closed this Aug 8, 2017