zkBob / fawkes-crypto

Fawkes-Crypto - zkSNARKs framework
https://github.com/zeropoolnetwork/fawkes-crypto
Apache License 2.0

Add compress, decompress_unchecked, and is_in_prime_subgroup methods #9

Open AllFi opened 1 year ago

AllFi commented 1 year ago

In this PR, the following was done:

  1. Implemented EdwardPoint::compress method that packs the X coordinate and the sign of Y into 32 bytes.
  2. Implemented EdwardPoint::decompress_unchecked method that restores a point serialized with the previous method without checking that the point is in the prime subgroup.
  3. Implemented EdwardPoint::is_in_prime_subgroup method that checks that the point is in the prime subgroup.
  4. Added unit tests that check that the aforementioned methods work properly.

The reason why it could be useful is described at https://github.com/zkBob/zkbob-pool-storage/issues/2.

Refs and implementation examples:

Note: fawkes-crypto uses optimized parameters of the twisted Edwards curve, so the formulas in this PR and in the examples above are different. This transformation is explained in Theorem 4.1 of this proposal.
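The three methods listed above, worked through end to end as an added example. This is not fawkes-crypto's code and does not use its optimized curve parameters; it assumes the standard BabyJubJub twisted Edwards curve (a = 168700, d = 168696 over the BN254 scalar field, prime-subgroup order l with cofactor 8), encodes x in the low 255 bits of a 32-byte little-endian value with the "sign" of y in bit 255, and takes the sign to be 1 when y is in the upper half of the field. The names `compress`, `decompress_unchecked`, `is_in_prime_subgroup`, `decompress` and `find_subgroup_point` are this example's own. It shows the failure mode that makes the unchecked variant unchecked: the 2-torsion point (0, -1) decompresses without complaint and is only caught by the subgroup check.

```python
# Added example (not fawkes-crypto's code). Curve parameters are ASSUMED to
# be the standard BabyJubJub ones; fawkes-crypto uses optimized parameters,
# so its addition formulas differ from the ones below.

P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A = 168700
D = 168696
# Order of the prime subgroup; the full group has order 8 * L (cofactor 8).
L = 2736030358979909402780800718157159386076813972158567259200215660948447373041
IDENTITY = (0, 1)


def sqrt_mod(n, p=P):
    """Tonelli-Shanks square root of n mod p; None if n is a non-residue."""
    n %= p
    if n == 0:
        return 0
    if pow(n, (p - 1) // 2, p) != 1:
        return None
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    z = 2                                   # any quadratic non-residue
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(n, q, p), pow(n, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                      # least i with t^(2^i) == 1
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


def on_curve(pt):
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0


def add(p1, p2):
    """Twisted Edwards addition on a*x^2 + y^2 = 1 + d*x^2*y^2."""
    x1, y1 = p1
    x2, y2 = p2
    k = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * pow(1 + k, -1, P) % P
    y3 = (y1 * y2 - A * x1 * x2) * pow(1 - k, -1, P) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = IDENTITY
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def sign_of(y):
    """Sign convention (assumption): 1 when y lies in the upper half of the field."""
    return 1 if y > (P - 1) // 2 else 0


def compress(pt):
    """32 bytes little-endian: x in bits 0..254, sign of y in bit 255."""
    x, y = pt
    return (x | (sign_of(y) << 255)).to_bytes(32, "little")


def decompress_unchecked(buf):
    """Inverse of compress(). Rejects malformed input (x >= p, x not on the
    curve, impossible sign bit) but does NOT check subgroup membership."""
    if len(buf) != 32:
        return None
    v = int.from_bytes(buf, "little")
    x, sign = v & ((1 << 255) - 1), v >> 255
    if x >= P:
        return None
    den = (1 - D * x * x) % P               # y^2 = (1 - a x^2) / (1 - d x^2)
    if den == 0:
        return None
    y = sqrt_mod((1 - A * x * x) * pow(den, -1, P) % P)
    if y is None:
        return None
    if sign_of(y) != sign:
        y = (P - y) % P
        if sign_of(y) != sign:              # y == 0 with the sign bit set
            return None
    return (x, y)


def is_in_prime_subgroup(pt):
    """l * P == O exactly when P lies in the subgroup of prime order l."""
    return mul(L, pt) == IDENTITY


def decompress(buf):
    """Checked variant: decompress, then reject points outside the subgroup."""
    pt = decompress_unchecked(buf)
    if pt is None or not is_in_prime_subgroup(pt):
        return None
    return pt


def find_subgroup_point():
    """First x that has a curve point above it, cleared into the subgroup by 8."""
    x = 1
    while True:
        pt = decompress_unchecked(x.to_bytes(32, "little"))
        if pt is not None:
            return mul(8, pt)
        x += 1


if __name__ == "__main__":
    g = find_subgroup_point()
    assert on_curve(g) and is_in_prime_subgroup(g)
    assert decompress(compress(g)) == g
    # (0, -1) has order 2: it decompresses fine but fails the subgroup check.
    two_torsion = decompress_unchecked(bytes(31) + b"\x80")
    assert two_torsion == (0, P - 1) and not is_in_prime_subgroup(two_torsion)
    assert decompress(bytes(31) + b"\x80") is None
    print("ok")
```

The split into an unchecked decompression and a separate subgroup check is what lets a storage format defer the expensive scalar multiplication: the caller decides where it runs, but it has to run somewhere before the point is used, or low-order points like (0, -1) slip through.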

lok52 commented 1 year ago

Do we have any additional trust assumptions regarding the new cold-storage EC point format? https://github.com/zkBob/zkbob-pool-storage/issues/2#issuecomment-1405081627

AllFi commented 1 year ago

Do we have any additional trust assumptions regarding the new cold-storage EC point format? https://github.com/zkBob/zkbob-pool-storage/issues/2#issuecomment-1405081627

If I haven't made any mistakes in https://github.com/zkBob/libzeropool-zkbob/pull/8, then we don't have any additional trust assumptions. We still check everything that we checked before, but in a different order.