Simplify the ratchet

A proposal to replace the megolm ratchet with something much, much simpler.

The existing mechanism for ratcheting the key is baroque and effectively unused. It only offers performance benefits (i.e. being able to advance to any index in at most 1020 steps) once you advance the ratchet more than 257 steps - and we never advance it more than 100, due to the desire to preserve backward secrecy.

The document would probably be clearer if we rearranged it to combine the "Megolm V2 ratchet algorithm" and "Advancing the ratchet" sections, but for now I've left them separate to make the differences to the previous document clearer.