StrobeGo does not support continuation ops

Because Strobe encodes the operation, doing two meta-AD operations is
different from doing one meta-AD operation with the concatenated data.
Other Strobe implementations, such as the one internal to the Merlin
implementation in Rust, support a "continuation" flag that indicates
that some data is a continuation of a previous operation, rather than a
new one.  However, StrobeGo does not, so the previous code was doing two
separate operations.  This code may do more allocations than necessary,
as I have never understood the semantics of Go slices.

merlin.go

@@ -36,8 +36,11 @@ func (t *Transcript) AppendMessage(label, message []byte) {
 
 	fmt.Printf("meta-AD : %x || LE32(%d)\t# b\"%s\"\n", label, len(message), label)
 
-	t.s.AD(true, label)
-	t.s.AD(true, sizeBuffer)
+	// The StrobeGo API does not support continuation operations,
+	// so we have to pass the label and length as a single buffer.
+	// Otherwise it will record two meta-AD operations instead of one.
+	labelSize := append(label, sizeBuffer...)
+	t.s.AD(true, labelSize)
 
 	fmt.Printf("AD : %x\t# b\"%s\"\n", message, message)
 	t.s.AD(false, message)
@@ -53,8 +56,11 @@ func (t *Transcript) ExtractBytes(label []byte, outLen int) []byte {
 
 	fmt.Printf("meta-AD : %x || LE32(%d)\t# b\"%s\"\n", label, outLen, label)
 
-	t.s.AD(true, label)
-	t.s.AD(true, sizeBuffer)
+	// The StrobeGo API does not support continuation operations,
+	// so we have to pass the label and length as a single buffer.
+	// Otherwise it will record two meta-AD operations instead of one.
+	labelSize := append(label, sizeBuffer...)
+	t.s.AD(true, labelSize)
 
 	// a PRF call directly to the output buffer would be better
 	return t.s.PRF(outLen)