New f1600x4

Instead of using intrinsics and full unrolling, this uses a
four-round unrolled version adapted from the one I wrote for
Cloudflare's CIRCL library:

    github.com/cloudflare/circl/simd/keccakf1600

shake256-avx2/.gitignore

@@ -3,4 +3,5 @@ test/*
 PQCsignKAT_*.rsp
 PQCsignKAT_*.req
 PQCgenKAT_sign
-keccak4x/KeccakP-1600-times4-SIMD256.o
+keccak4x/KeccakP-1600-times4-SIMD256.o
+*.s

shake256-avx2/Makefile

@@ -3,8 +3,8 @@ CFLAGS = -Wall -Wextra -Wpedantic -O3 -std=c99 -march=native -fomit-frame-pointe
 
 THASH = robust
 
-SOURCES =          hash_shake256.c hash_shake256x4.c thash_shake256_$(THASH).c thash_shake256_$(THASH)x4.c address.c randombytes.c wots.c utils.c utilsx4.c fors.c sign.c fips202.c fips202x4.c keccak4x/KeccakP-1600-times4-SIMD256.o
-HEADERS = params.h hash.h          hashx4.h          thash.h                 thashx4.h                 address.h randombytes.h wots.h utils.h utilsx4.h fors.h api.h fips202.h fips202x4.h
+SOURCES =          hash_shake256.c hash_shake256x4.c thash_shake256_$(THASH).c thash_shake256_$(THASH)x4.c address.c randombytes.c wots.c utils.c utilsx4.c fors.c sign.c fips202.c f1600x4.c f1600x4.s
+HEADERS = params.h hash.h          hashx4.h          thash.h                 thashx4.h                 address.h randombytes.h wots.h utils.h utilsx4.h fors.h api.h fips202.h f1600x4.h
 
 DET_SOURCES = $(SOURCES:randombytes.%=rng.%)
 DET_HEADERS = $(HEADERS:randombytes.%=rng.%)
@@ -39,16 +39,7 @@ test/%: test/%.c $(SOURCES) $(HEADERS)
 test/%.exec: test/%
 	@$<
 
-keccak4x/KeccakP-1600-times4-SIMD256.o: keccak4x/align.h \
-										keccak4x/brg_endian.h \
-										keccak4x/KeccakP-1600-times4-SIMD256.c \
-										keccak4x/KeccakP-1600-times4-SnP.h \
-										keccak4x/KeccakP-1600-unrolling.macros \
-										keccak4x/SIMD256-config.h
-	$(CC) $(CFLAGS) -c keccak4x/KeccakP-1600-times4-SIMD256.c -o $@
-
 clean:
-	-$(RM) keccak4x/KeccakP-1600-times4-SIMD256.o
 	-$(RM) $(TESTS)
 	-$(RM) $(BENCHMARK)
 	-$(RM) PQCgenKAT_sign