Don't use asserts for "runtime" errors

[mafintosh]

Right now all error handling in this module is done using asserts which seems really solid in my experience so far.

However some of these asserts act on user input buffers which normally would come from a network. When this buffer is wrong this module throws an assert error instead of a "runtime" NoiseProtocol error. This makes it tricky to figure out what is programmer errors (ie the program should abort) and what is bad network input errors (ie a network stream should close and an error should be propagated).

An example of this is

noise-protocol/handshake-state.js

Line 387 in 928eddd

assert(message.byteLength - moffset >= bytes)

That assert is triggered if two peers both set isInitiator to true, which should not be an assert but a normal error.