Bring in QED-it Tests

[defuse]

This pulls in a bunch of tests QED-it wrote during their audit that were spread across many branches in their sapling-crypto-internal repository. I've left their history intact so the best way to review it is to just look at the final diff, except for...

• the third-last commit which includes changes outside of tests, and
• the second-last commit which is my attempt to fix the broken linear relation testing in the previous commit (the check in the previous commit effectively just checks that p1 != p2 again, not what it was intended to do).

I have not reviewed the actual test code myself.

I did not bring in this change to the circuit code, because I don't understand it. I also did not bring in a bunch of changes to comments and variable renamings in the aurel_comments branch and the sum_bug branch, but I did bring in the new tests from those branches.

[daira]

@defuse wrote:

I did not bring in this change to the circuit code, because I don't understand it.

That change looks correct to me, but it should not be in this PR. (The change does not alter the behaviour of the circuit. It addresses the "Pedersen hash circuit implementation can not calculate inputs larger than 63*3*4" issue in the QED-it report.)

[defuse]

Just added a commit to fix the build warnings.

[str4d]

Replaced by zcash/librustzcash#93