rfc6979: integrate crypto-bigint

[tarcieri]

Currently rfc6979 bundles a tiny, slow, byte-oriented bignum library: https://github.com/RustCrypto/signatures/blob/master/rfc6979/src/ct.rs

Several of the interfaces described in RFC6979 describe an "int" type, perhaps most notably the bits2int function (which is partially implemented in the ecdsa crate in the form of bits2field). However all of the APIs in rfc6979 are byte/octet-oriented, which can make things a bit awkward.

With crypto-bigint now supporting a heap-allocated BoxedUint and plans to migrate the dsa crate to that (#779), as well as having traits for abstracting over stack-vs-heap allocated big integers in crypto-bigint like Integer and Monty, it becomes possible to make rfc6979 closer to 1:1 with the APIs described in the RFC while being able to support both the dsa and ecdsa use cases.

[tarcieri]

This is a bit tricky because crypto-bigint integers are multiples of 64-bits, and rfc6979 may need to work on smaller integers (e.g. 521-bit for P-521).

[tarcieri]

I'm going to close this for now: it would really require new types in crypto-bigint which could represent integers which are smaller than multiples of the limb size.

The existing implementation works on the byte level, which isn't as efficient but at least works.