p256: Implement scalar arithmetic via Barrett reduction

[tarcieri]

This PR cherry picks @nickray's original #56 onto the latest code.

I also removed the expose-arithmetic feature/gating as I think it should no longer be necessary.

With this I think it should be possible to implement ecdsa::hazmat::SignPrimitive ala the implementation in #79 for secp256k1.

[codecov-commenter]

Codecov Report

Merging #83 into master will increase coverage by 0.98%.
The diff coverage is 66.01%.

@@            Coverage Diff             @@
##           master      #83      +/-   ##
==========================================
+ Coverage   52.72%   53.70%   +0.98%     
==========================================
  Files          17       17              
  Lines        3124     3374     +250     
==========================================
+ Hits         1647     1812     +165     
- Misses       1477     1562      +85     

Impacted Files	Coverage Δ
p256/src/arithmetic/scalar.rs	66.89% <65.88%> (-5.61%)	⬇️
p256/src/arithmetic/field.rs	78.04% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0586693...1eb82c5. Read the comment docs.

[tarcieri]

@nickray was there anything else incomplete about this PR?

I'd like to go ahead and merge it and cherry-pick parts of #57 onto the SignPrimitive interface ala #79

[nickray]

@tarcieri sure, go ahead with both, happy to see signatures appear!

Nothing obvious missing, apart from a potential code detail review and more testing, which perhaps comes later?

[tarcieri]

Sounds good, will go ahead and move forward with this.

I think if we can get ECDSA to a PoC stage, there are some other interested parties who can help work on improving P-256 scalar arithmetic (and ideally with that, improving testing).