btcec: Optimize field inversion.

[bmperrea]

This uses the addition chain from Brian Smith's website to speed up
the inversion algorithm for btcec/field.go.

[bmperrea]

It gets back the sig-verify speed lost in #1084 😄 .

benchmark                          old ns/op     new ns/op     delta
----------------------------------------------------------------------
BenchmarkAddJacobian-8             550           552           +0.36%
BenchmarkAddJacobianNotZOne-8      1124          1128          +0.36%
BenchmarkScalarBaseMult-8          49320         48393         -1.88%
BenchmarkScalarBaseMultLarge-8     50016         48749         -2.53%
BenchmarkScalarMult-8              160763        158805        -1.22%
BenchmarkNAF-8                     867           870           +0.35%
BenchmarkSigVerify-8               256511        251033        -2.14%
BenchmarkFieldNormalize-8          13.7          13.7           0.00%

[bmperrea]

@davecgh Any chance we can get this into 0.13.0?

[jakesylvestre]

@jcvernaleo (as per #1530)

• Low priority
• Enhancement

[onyb]

@bmperrea Great work on this one! 👏

While the implementation is correct, I would like to suggest some updates to the code comments:

• The Haskell function secp256k1FieldInverseSquaredExponent is actually calculating the inverse directly, and not the squared inverse. This is because of the additional andThen add x1 added by you at the end.

  I think we should copy the algorithm verbatim, and our code should closely follow the same, to help future readers.

• Following the above point, we should explain the addition chain for prime - 3, as opposed to prime - 2, and only present the final multiplication as an extra step to compute the inverse.

• Finally, the explanation from "It follows the analogy..." until the end of the sentence could be framed in a better way to make it more understandable.

Here's a diff containing all the changes I proposed. Let me know if they make sense to you.