RSA exponents are typically 3 or 65537, and public.
For those, we don't need to use conditional moves on the exponent,
and precomputing a lookup table is not worth it. So, save a few
cpu cycles and some memory for that common case.
For safety, make `powWithEncodedExponent()` constant-time by default,
and introduce a `powWithEncodedPublicExponent()` function for exponents
that are assumed to be public.
With `powWithEncodedPublicExponent()`, short (<= 36 bits) exponents
will take the fast path.
Most of this migration was performed automatically with `zig fmt`. There
were a few exceptions which I had to manually fix:
* `@alignCast` and `@addrSpaceCast` cannot be automatically rewritten
* `@truncate`'s fixup is incorrect for vectors
* Test cases are not formatted, and their error locations change
A minimal set of simple, safe functions for Montgomery arithmetic,
designed for cryptographic primitives.
Also update the current RSA cert validation to use it, getting rid
of the FixedBuffer hack and the previous limitations.
Make the check of the RSA public key a little bit more strict by
the way.
