LedgerHQ / nanos-secure-sdk

Secure (ST31) SDK for Ledger Nano S
Apache License 2.0

Implement cx_bn_gf2_n_mul #67

Open aido opened 4 months ago

aido commented 4 months ago

Fixes #64

This PR is a workaround that implements cx_bn_gf2_n_mul() in the SDK until it is hopefully added as a syscall like in all other Ledger devices.

As the second Montgomery constant (bn_h) is an unused attribute here, it begs the question of how the second Montgomery constant (bn_h) is used in the implementation of cx_bn_gf2_n_mul() on Nano S Plus, Nano X and Stax devices. Is it also unused on these devices?

> [!NOTE]
> The code in this PR is already included in the app-seed-tool which has passed Ledger's security review.

aido commented 1 month ago

Hi @srasoamiaramanana-ledger,

You seem to have expertise in this area, so if I may ask a question:

This pull request is a straightforward implementation of Galois field multiplication for Nano S devices. It is probably not very efficient but seems to work nonetheless.

I notice that all devices except Nano S use a syscall to perform this function. That syscall makes use of the second Montgomery constant.

https://github.com/LedgerHQ/ledger-secure-sdk/blob/25f141f0b2d03ffad79b465ef29d29f07e3a33c0/include/ox_bn.h#L1111

I assume the use of the second Montgomery constant in cx_bn_gf2_n_mul() somehow makes Galois field multiplication operations more efficient? If so, any idea on how I may implement something similar in this pull request?

> [!NOTE]
> I may move this PR to the ledger-secure-sdk repo as that seems to be replacing nanos-secure-sdk
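The "straightforward implementation of Galois field multiplication" this thread talks about, written out as an added example in C. This is not the PR's code and not Ledger's SDK: it works on 64-bit machine words for n ≤ 63 instead of on `cx_bn_t` big numbers (a simplification assumed here), it uses no Montgomery representation (so it says nothing about how `bn_h` is used in the syscall), and the function names `gf2n_mul`, `gf2n_pow`, `gf2n_inv` and `gf2n_selftest` are this example's own. The one design point worth carrying into any real implementation on a device that holds keys is that every step is selected with a mask rather than a branch, so the running time does not depend on the bits of the operands. The self-test uses the AES field GF(2^8) with the polynomial x^8 + x^4 + x^3 + x + 1 (0x11B) and the worked product from FIPS-197 section 4.2, {57} · {83} = {c1}.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply a and b in GF(2^n), n <= 63, reducing by the polynomial 'mod',
 * which must include its x^n term (e.g. 0x11B for the AES field).
 * a and b must be < 2^n. Bit-serial shift-and-reduce method; each step
 * is selected with an all-ones/all-zeros mask instead of a branch so the
 * timing is independent of the (possibly secret) operand bits. */
static uint64_t gf2n_mul(uint64_t a, uint64_t b, uint64_t mod, unsigned n)
{
    uint64_t r = 0;
    for (unsigned i = 0; i < n; i++) {
        /* all-ones if the lowest bit of b is set, otherwise zero */
        uint64_t take = (uint64_t)0 - (b & 1);
        r ^= a & take;
        b >>= 1;
        /* a <- a * x mod 'mod': shift left, fold the x^n term back in */
        uint64_t carry = (uint64_t)0 - ((a >> (n - 1)) & 1);
        a = (a << 1) ^ (mod & carry);
    }
    return r;
}

/* a^e in GF(2^n) by square-and-multiply. The exponent is public here
 * (it is a constant derived from n), so branching on it is acceptable. */
static uint64_t gf2n_pow(uint64_t a, uint64_t e, uint64_t mod, unsigned n)
{
    uint64_t r = 1;
    while (e) {
        if (e & 1)
            r = gf2n_mul(r, a, mod, n);
        a = gf2n_mul(a, a, mod, n);
        e >>= 1;
    }
    return r;
}

/* Multiplicative inverse via Fermat's little theorem: a^(2^n - 2).
 * Only meaningful when 'mod' is irreducible; returns 0 for a == 0. */
static uint64_t gf2n_inv(uint64_t a, uint64_t mod, unsigned n)
{
    return gf2n_pow(a, ((uint64_t)1 << n) - 2, mod, n);
}

/* Worked check in the AES field GF(2^8). Returns 1 on success, 0 on failure. */
static int gf2n_selftest(void)
{
    const uint64_t AES_POLY = 0x11B; /* x^8 + x^4 + x^3 + x + 1 */
    const unsigned n = 8;

    /* FIPS-197 section 4.2: {57} * {83} = {c1} */
    if (gf2n_mul(0x57, 0x83, AES_POLY, n) != 0xC1) return 0;
    /* 0xCA is the inverse of 0x53 in this field */
    if (gf2n_mul(0x53, 0xCA, AES_POLY, n) != 0x01) return 0;
    if (gf2n_inv(0x53, AES_POLY, n) != 0xCA) return 0;

    /* ring identities that must hold for any modulus: commutativity and
     * distributivity over XOR (which is addition in GF(2^n)) */
    for (uint64_t a = 0; a < 256; a += 7) {
        for (uint64_t b = 0; b < 256; b += 11) {
            uint64_t c = (a * 3) & 0xFF; /* constructed third operand */
            if (gf2n_mul(a, b, AES_POLY, n) != gf2n_mul(b, a, AES_POLY, n))
                return 0;
            if (gf2n_mul(a, b ^ c, AES_POLY, n) !=
                (gf2n_mul(a, b, AES_POLY, n) ^ gf2n_mul(a, c, AES_POLY, n)))
                return 0;
        }
    }
    return 1;
}

int main(void)
{
    int ok = gf2n_selftest();
    printf("GF(2^8) self-test: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The bit-serial loop costs n multiplications-by-x per product, which is the "probably not very efficient" shape the thread describes; faster word-level or table-driven variants trade that simplicity for either more code or, in the table case, data-dependent memory access that a hardware wallet firmware would want to avoid.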