Refactor AES context to be shallow-copyable

Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>

include/mbedtls/aes.h

@@ -80,7 +80,7 @@ extern "C" {
 typedef struct mbedtls_aes_context
 {
     int MBEDTLS_PRIVATE(nr);                     /*!< The number of rounds. */
-    uint32_t *MBEDTLS_PRIVATE(rk);               /*!< AES round keys. */
+    size_t MBEDTLS_PRIVATE(rk_offset);           /*!< Buffer offset for AES round keys. */
     uint32_t MBEDTLS_PRIVATE(buf)[68];           /*!< Unaligned data buffer. This buffer can
                                      hold 32 extra Bytes, which can be used for
                                      one of the following purposes: