sapling-crypto
Reduce Poseidon hash rounds, following 2019/458.
This commit reduces the number of rounds in the Poseidon hash function in two ways:
- It correctly interprets the `R_F` parameter as the total number of full rounds.
  - The previous implementation incorrectly interpreted the `R_F` parameter as the number of full rounds on each side. That is actually the `R_f` parameter.
  - Relevant citation: 2019/458, page 6, paragraph 3.
- It sets the number of partial rounds to 57, as is recommended for `x^5`-Poseidon.
  - The previous value, 84, is the recommended number of partial rounds for `x^3`-Poseidon.
  - Relevant citation: 2019/458, table 3, row 3.
Note that before this commit, the Poseidon implementation was not vulnerable, to the best of our knowledge. While the implementation appears to have made two mistakes, it made these mistakes in a way that improved, not reduced, the security.
To be clear: if you guys want to keep the increased number of rounds for security reasons, that is more than reasonable. I'm only submitting the PR because the extra rounds seem to have been implemented by mistake.
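As an added illustration (not sapling-crypto's code) of the round schedule the PR describes: `R_F` total full rounds are split into `R_f = R_F/2` on each side of `R_P` partial rounds, with the `x^5` S-box applied to every state element in a full round and to one element in a partial round. The field, round constants and MDS matrix are constructed toy values, and `R_F = 8` is an assumed parameter (the PR cites only `R_P = 57`).

```python
# Added example (not sapling-crypto's code): the Poseidon round schedule from
# 2019/458 and the effect of reading R_F as the per-side count instead of the total.
# Field, state width, round constants and MDS matrix are constructed toy values.
P = 2**61 - 1            # constructed small prime; real deployments use a ~255-bit field
T = 3                    # state width t
ALPHA = 5                # x^5-Poseidon S-box exponent

# Constructed round constants and a Cauchy MDS matrix (1/(x_i + y_j)); toy values only.
RC = [(i * 0x9E3779B97F4A7C15 + 1) % P for i in range(512)]
MDS = [[pow(i + (T + j), -1, P) for j in range(T)] for i in range(T)]

def round_schedule(r_f_total, r_p):
    """R_F = total full rounds, split as R_f = R_F/2 before and after R_P partial rounds."""
    assert r_f_total % 2 == 0, "R_F must be even"
    r_f = r_f_total // 2
    return ["F"] * r_f + ["P"] * r_p + ["F"] * r_f

def poseidon_permutation(state, r_f_total, r_p):
    """Run the permutation; return (new_state, number_of_sbox_applications)."""
    state = list(state)
    sbox_count = 0
    for rnd, kind in enumerate(round_schedule(r_f_total, r_p)):
        # AddRoundConstants
        state = [(x + RC[(rnd * T + i) % len(RC)]) % P for i, x in enumerate(state)]
        # S-box layer: all t elements in a full round, only one in a partial round
        if kind == "F":
            state = [pow(x, ALPHA, P) for x in state]
            sbox_count += T
        else:
            state[0] = pow(state[0], ALPHA, P)
            sbox_count += 1
        # MixLayer: multiply the state by the MDS matrix
        state = [sum(MDS[i][j] * state[j] for j in range(T)) % P for i in range(T)]
    return state, sbox_count

def compare_interpretations(r_f_param, r_p):
    """Round and S-box totals when R_F is taken as the total (2019/458, p. 6)
    versus as the per-side count (the bug the PR fixes, which doubles full rounds)."""
    correct = poseidon_permutation([1, 2, 3], r_f_param, r_p)[1]
    buggy = poseidon_permutation([1, 2, 3], 2 * r_f_param, r_p)[1]
    return {
        "correct_rounds": r_f_param + r_p, "correct_sboxes": correct,
        "buggy_rounds": 2 * r_f_param + r_p, "buggy_sboxes": buggy,
    }

if __name__ == "__main__":
    # R_P = 57 is the x^5-Poseidon value cited in the PR; R_F = 8 is assumed here.
    print(compare_interpretations(8, 57))
```

With the old `R_P = 84`, the same per-side misreading gives `2 * 8 * 3 + 84 = 132` S-box applications instead of the 81 the cited parameters call for.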