Same comment about scalar decoding as for Ed25519.
Here, DeserializeElement() does NOT reject the identity (either as a
public key or as a commitment). It is weird to explicitly reject it
for Ed25519 and Ed448 (in contradiction with RFC 8032) and not
reject it for ristretto255 (where there is no existing signature
standard that should be adhered to for interoperability). I would
have expected the opposite (accept the identity for Ed25519 and
Ed448 because of interoperability issues, but reject it for
ristretto255 because the identity is a really daft public key).
From @pornin: