Always zero the argon2 output buffer prior to doing anything

This is consistent with what we are doing with scrypt.
On error/misuse, the buffer is zeroed; this may prevent bugs with
reused/invalid buffers.
Frank Denis 2017-02-19 12:40:28 +01:00
parent 2c6fb87708
commit e0150faf56
2 changed files with 3 additions and 2 deletions


@ -130,6 +130,7 @@ crypto_pwhash_argon2i(unsigned char * const out,
unsigned long long opslimit,
size_t memlimit, int alg)
{
memset(out, 0, outlen);
if (alg != crypto_pwhash_argon2i_ALG_ARGON2I13) {
return -1;
}
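Review bot: The added `memset(out, 0, outlen)` at the top of `crypto_pwhash_argon2i` writes `outlen` bytes before `outlen` has been checked against any limit, so a call that is about to be rejected now needs `out` to really be `outlen` bytes long, where previously an oversized length only produced `-1`. The test edit in this same commit, which swaps the `0x100000000ULL` call for a 15-byte one, appears to follow from exactly that. The precondition deserves a comment above the call, for example `/* out must be writable for outlen bytes even on failure: it is cleared before any argument check */`, and the same sentence in the public documentation of the function. If `outlen` is declared wider than `size_t` (its declaration is outside this hunk), the length is also silently truncated on its way into `memset` on 32-bit targets, which is worth a note as well. The function body continues past the end of the hunk.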


@ -166,9 +166,9 @@ static void tv2(void)
salt, 2, 1ULL << 12, crypto_pwhash_alg_default()) != -1) {
printf("[tv2] pwhash should have failed (3)\n");
}
if (crypto_pwhash(out, 0x100000000ULL, "password", strlen("password"),
if (crypto_pwhash(out, 15, "password", strlen("password"),
salt, 3, 1ULL << 12, crypto_pwhash_alg_default()) != -1) {
printf("[tv2] pwhash with a long output length should have failed\n");
printf("[tv2] pwhash with a short output length should have failed\n");
}
if (crypto_pwhash(out, sizeof out, "password", 0x100000000ULL,
salt, 3, 1ULL << 12, crypto_pwhash_alg_default()) != -1) {
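Review bot: Nothing in this hunk checks the behaviour the commit introduces, namely that `out` is all zero after a failed call, and the replaced call drops the only visible coverage of the over-long `outlen` rejection. One of the failing calls here could be preceded by `memset(out, 0xaa, sizeof out);` and followed by a loop that prints a `[tv2]` message if any byte of `out` is non-zero. The over-long case can no longer be run against this small `out` because the buffer is cleared first, so a short comment explaining the removal would help the next reader, e.g. `/* outlen above the maximum is not tested here: out is zeroed for outlen bytes before validation */`. `tv2` starts and ends outside the hunk.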