[noise] expected length of messages during handshake

[David Wong]

> By the way, had a quick glance at TLS's CLIENT_HELLO - it has session_id
> field in it and I think we can support channel binding the same way
> (obviously give a warning NOT to use unsigned/nonencrypted handshake hash in
> this field). I'd see this field as an optional one, so maybe we could have
> "optional data field" at the end of negotiation data that could contain such
> data. Maybe an overkill though.

That session_id is for session resumption! (And its been removed from TLS 1.3)