Calls explicitly `doFinal()` on the byte array of plaintext and
ciphertext, instead of making use of Cipher{Input,Output}Stream.

While functionally equivelant, CipherInputStream merhod does not
work well with BouncyCastle (FIPS) Security Provider's implementation
of AES GCM as the byte array that is read from the `CipherInputStream`
backed `DataInputStream` is always some bytes short (17 vs 20 for
the case of `keystore.seed` value).

After receiving feedback from the discussion in the upstream [1],
reverted back to using CipherInputStream. Instead of using
`read()` and checking that the bytes read are what we expect,
use `readFully()` which will read exactly the number of bytes
while keep reading until the end of the stream or throw an
`EOFException` if not all bytes can be read.

This approach keeps the simplicity of using CipherInputStream while
working as expected with both Security Providers

[1] https://www.bouncycastle.org/devmailarchive/msg15559.html

Adds test that ensures readFully() does not read garbage after the
encrypted data.

Ensures we fail if for some reason readFully can't consume the
entire stream (for instance if stream contains trailing garbage)

Adds aditional explicit check for full stream consumption
Adds tests