ff_derive: unnecessary limb required for large modulus (e.g. for NIST P-curves)

When using ff_derive with the base or scalar field modulus of elliptic curves like P-256 or P-384, ff_derive requires one more limb than is strictly necessary.

Example:

use ff::PrimeField;

#[derive(PrimeField)]
#[PrimeFieldModulus = "115792089210356248762697446949407573530086143415290314195533631308867097853951")
#[PrimeFieldGenerator = "6"]
#[PrimeFieldReprEndianness = "big"]
struct P256FieldElement([u64; 4]);

...fails with the following error:

error: The given modulus requires 5 limbs.
 --> src/lib.rs:7:31
  |
7 | struct P256FieldElement([u64; 4]);

zkcrypto / ff

ff_derive: unnecessary limb required for large modulus (e.g. for NIST P-curves) #71