
HandshakeState::write_message always checks if tag fits into output buffer #133

@survived


At this line there's a check that the AEAD tag fits into the output buffer, although the tag is not necessarily appended to the message. E.g. in the `Noise_NN_25519_AESGCM_SHA256` handshake the first message size is 32 bytes, but this code fails:

```rust
static PATTERN: &'static str = "Noise_NN_25519_AESGCM_SHA256";

let mut initiator = snow::Builder::new(PATTERN.parse()?).build_initiator()?;
let mut responder = snow::Builder::new(PATTERN.parse()?).build_responder()?;

let mut first_msg = [0u8; 32];

// this line yields `Err(snow::Error::Input)`
let len = initiator.write_message(&[], &mut first_msg)?;
```

But if we supply a buffer of length 48 bytes, then this code works, but only 32 bytes are written to the output buffer:

```rust
static PATTERN: &'static str = "Noise_NN_25519_AESGCM_SHA256";

let mut initiator = snow::Builder::new(PATTERN.parse()?).build_initiator()?;
let mut responder = snow::Builder::new(PATTERN.parse()?).build_responder()?;

let mut first_msg = [0u8; 48];

let len = initiator.write_message(&[], &mut first_msg)?;
assert_eq!(len, 32);
```

Requiring the output buffer to be 48 bytes long but using only 32 of them seems buggy to me. I'd update the check to require the buffer to fit the tag only if there's an encryption key.
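The size rule behind this report, as an added example that is not part of the issue and is not snow's code: under the Noise specification a 16-byte tag is appended to the static key and to the payload only once a DH token has set a cipher key. The `Token` enum, `message_len` and `buffer_fits` are hypothetical names, and the sketch assumes 25519 key sizes and non-PSK patterns.

```rust
// Added example (not snow's implementation): bytes a Noise handshake message
// needs in the output buffer, for non-PSK patterns with 25519 keys.
const DHLEN: usize = 32; // public key length for 25519
const TAGLEN: usize = 16; // AEAD tag length (AESGCM and ChaChaPoly)

enum Token {
    E,  // ephemeral public key, always written in the clear
    S,  // static public key, encrypted only if a key is already set
    Dh, // any of ee, es, se, ss: MixKey, after which a key is set
}

/// Returns (required output length, whether a cipher key is set afterwards).
/// `has_key` is the key state carried over from earlier handshake messages.
fn message_len(tokens: &[Token], payload_len: usize, mut has_key: bool) -> (usize, bool) {
    let mut len = 0;
    for t in tokens {
        match t {
            Token::E => len += DHLEN,
            Token::S => len += DHLEN + if has_key { TAGLEN } else { 0 },
            Token::Dh => has_key = true,
        }
    }
    // The payload carries a tag only when a key exists at the end of the message.
    len += payload_len + if has_key { TAGLEN } else { 0 };
    (len, has_key)
}

/// The check proposed in the issue: demand room for a tag only when one is written.
fn buffer_fits(buf_len: usize, tokens: &[Token], payload_len: usize, has_key: bool) -> bool {
    buf_len >= message_len(tokens, payload_len, has_key).0
}

fn main() {
    // NN, message 1 ("-> e"): no key yet, so no tag is appended.
    let (m1, key) = message_len(&[Token::E], 0, false);
    // NN, message 2 ("<- e, ee"): ee sets the key, so the empty payload gets a tag.
    let (m2, _) = message_len(&[Token::E, Token::Dh], 0, key);
    println!("NN msg1 = {} bytes, NN msg2 = {} bytes", m1, m2);
    println!("32-byte buffer fits msg1: {}", buffer_fits(32, &[Token::E], 0, false));
}
```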
