Avoiding lots of "if len(k) != x { panic" is a fair bit of it, as well
as documenting the sizes of things in the type, rather than having to
read the comments and also preventing typos where, say, the nonce and
key are interchanged. (For example, the fact that the nonce is 24
bytes for (secret)box is significant because the Salsa20 nonce is
usually 8 bytes and hints that something more complex is happening
under the covers.)
Often a new type would be used for these things but crypto is
something that generally happens at the edge of a process, where type
information is lost in serialisation. So that doesn't work as well as
it might otherwise.
(And one of my Go nits is that casting from a slice to an array
pointer doesn't work.)
It's quite possible that I was an idiot and should just have used slices.
Cheers
AGL