As stated in matrix-org/matrix-spec#1868 and matrix-org/matrix-spec#975, the "Harvest now, decrypt later" strategy appears to pose a huge threat to the privacy and security of instant messaging users, as a threat actor can just collect the encrypted events and decrypt them once a sufficient method has been discovered, e.g. resource-efficient quantum computers. This basically forces the conclusion that all messages sent without PQ management have a high risk of being collected and decrypted in the future; as such, this problem should be taken with SHTF urgency and managed early.
Signal manages this problem by implementing CRYSTALS-Kyber (https://signal.org/blog/pqxdh), which, as stated in matrix-org/matrix-spec#975 (comment), is controversial compared to the only known and feasible alternative, NTRU, which appears to be the superior alternative and has more experience in the wild.
Session is already using NTRU in the transmission layer, but that doesn't seem to be sufficient, as the encryption for chats (judging by the source code) is not PQ.
CC @majestrate @jagerman
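As an added example (not Session's or Signal's code, and not part of this issue), here is the pattern the linked Signal post describes: a classical X25519 agreement combined with a post-quantum KEM, so that a transcript recorded today stays confidential unless both primitives are broken later. It is written in Go against the standard library's crypto/mlkem (ML-KEM-768, the NIST-standardised successor of CRYSTALS-Kyber) and crypto/hkdf, so it needs Go 1.24 or newer. The names RecipientKeys, Transcript, SenderAgree, RecipientAgree and Tampered, and the HKDF info label, are assumptions made for this illustration. The tamper check at the end shows ML-KEM's implicit rejection: a modified ciphertext decapsulates to a different key rather than an error, so a key-confirmation step or the AEAD tag has to catch the mismatch.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// RecipientKeys: long-lived X25519 key plus ML-KEM-768 decapsulation key
// (hypothetical type for this illustration, not Session's or Signal's code).
type RecipientKeys struct {
	ecdhPriv *ecdh.PrivateKey
	kemPriv  *mlkem.DecapsulationKey768
}

// Transcript is everything a passive eavesdropper can record from one exchange.
type Transcript struct {
	SenderECDHPub []byte // sender's ephemeral X25519 public key (32 bytes)
	KEMCiphertext []byte // ML-KEM-768 ciphertext (1088 bytes)
}

func NewRecipientKeys() (*RecipientKeys, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	kemPriv, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, err
	}
	return &RecipientKeys{ecdhPriv: ecdhPriv, kemPriv: kemPriv}, nil
}

// PublicKeys is what the recipient publishes, e.g. through a key server.
func (r *RecipientKeys) PublicKeys() (*ecdh.PublicKey, *mlkem.EncapsulationKey768) {
	return r.ecdhPriv.PublicKey(), r.kemPriv.EncapsulationKey()
}

// combine derives the 32-byte session key from BOTH shared secrets with HKDF and
// binds the transcript into the info string. Breaking X25519 alone, the
// harvest-now-decrypt-later scenario, still leaves the ML-KEM secret unknown.
func combine(ecdhSecret, kemSecret []byte, t Transcript) ([]byte, error) {
	ikm := append(append([]byte{}, ecdhSecret...), kemSecret...)
	h := sha256.New()
	h.Write(t.SenderECDHPub)
	h.Write(t.KEMCiphertext)
	info := "hybrid-x25519-mlkem768-example-v1" + string(h.Sum(nil))
	return hkdf.Key(sha256.New, ikm, nil, info, 32)
}

// SenderAgree: fresh X25519 ephemeral key plus one ML-KEM encapsulation.
func SenderAgree(ecdhPub *ecdh.PublicKey, kemPub *mlkem.EncapsulationKey768) ([]byte, Transcript, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, Transcript{}, err
	}
	ecdhSecret, err := eph.ECDH(ecdhPub)
	if err != nil {
		return nil, Transcript{}, err
	}
	kemSecret, ciphertext := kemPub.Encapsulate()
	t := Transcript{SenderECDHPub: eph.PublicKey().Bytes(), KEMCiphertext: ciphertext}
	key, err := combine(ecdhSecret, kemSecret, t)
	return key, t, err
}

// RecipientAgree recomputes the session key from private keys and the transcript.
func RecipientAgree(r *RecipientKeys, t Transcript) ([]byte, error) {
	senderPub, err := ecdh.X25519().NewPublicKey(t.SenderECDHPub)
	if err != nil {
		return nil, err
	}
	ecdhSecret, err := r.ecdhPriv.ECDH(senderPub)
	if err != nil {
		return nil, err
	}
	// ML-KEM implicit rejection: a corrupted ciphertext of the right length
	// decapsulates to a different pseudorandom secret, not to an error.
	kemSecret, err := r.kemPriv.Decapsulate(t.KEMCiphertext)
	if err != nil {
		return nil, err
	}
	return combine(ecdhSecret, kemSecret, t)
}

// Tampered flips one ciphertext bit, modelling an in-transit modification.
func Tampered(t Transcript) Transcript {
	ct := append([]byte{}, t.KEMCiphertext...)
	ct[0] ^= 0x01
	return Transcript{SenderECDHPub: t.SenderECDHPub, KEMCiphertext: ct}
}

func main() {
	r, err := NewRecipientKeys()
	if err != nil {
		panic(err)
	}
	senderKey, t, err := SenderAgree(r.PublicKeys())
	if err != nil {
		panic(err)
	}
	recipientKey, _ := RecipientAgree(r, t)
	tamperedKey, _ := RecipientAgree(r, Tampered(t))
	fmt.Printf("keys match: %v; tampered key matches: %v\n",
		string(senderKey) == string(recipientKey), string(tamperedKey) == string(recipientKey))
}
```

The combiner is the point that matters for the threat described above: the session key is a KDF of the X25519 secret and the KEM secret together, so a recorded transcript only becomes readable once both are broken, and the classical half continues to carry the security if the newer PQ scheme turns out to be weaker than expected.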