ed25519hash: Use filippo.io/edwards25519

[lukechampine]

This replaces the internal edwards25519 package with filippo.io/edwards25519.

internal/edwards25519 was originally taken from George Tankersley's port of the SUPERCOP amd64-51-30k implementation, which provided a significant (2x) speedup compared to the stdlib. Later, various cryptographers collaborated to create filippo.io/edwards25519, which has the express purpose of consolidating such forks:

...for anyone currently using a fork of crypto/ed25519/internal/edwards25519 or github.com/agl/edwards25519, this package should be a safer, faster, and more powerful alternative.

Benchmarks show that the 2x speedup is indeed preserved. However, filippo.io/edwards25519 adds an allocation, which makes ed25519hash no longer zero-alloc. I will file an issue upstream to see if this allocation can be eliminated.

[lukechampine]

Goober, test and merge

[goober-the-friendly-robutt[bot]]

Ah, nothing like a net -7k diff...