Implement ECDSA sign/verify

[qmuntal]

This PR implements ECDSA functions and methods.

There doesn't seem to be any incompatibility with Go crypto 😄

There are two related incompatibilities with the boring API:

• We can't provide boring.SignMarshalECDSA because the returned signature is expected to be ASN.1 encoded, but bcrypt returns it as P1363 encoded. We can't import encoding/asn1, so it is not feasible to convert P1363 -> ASN.1. I've implemented SignECDSA instead, which returns unencoded big numbers, being the P1363 -> big number really stright-forward.
• We can't provide boring.VerifyECDSA because it accepts an ASN.1 encoded signature, and we can't decode it for the same reason as boring.SignMarshalECDSA. I've modified the functions parameters to accept big numbers.

This will require patching crypto/ecdsa to do special logic when working with this backend, but I expect it to be minimal.

[qmuntal]

I just noticed that this PR does not add support for P-224 and that I haven't documented it in the description. Although CNG does not provide P-224 curves out-of-the-box, I think it can be implemented as a custom curve, will try to do so in a follow-up PR.