Merge #710: Eliminate harmless non-constant time operations on secret data.

Merge #710: Eliminate harmless non-constant time operations on secret data.

7b50483ad789081ba158799e5b94330f62932607 Adds a declassify operation to aid constant-time analysis. (Gregory Maxwell)
34a67c773b0871e5797c7ab506d004e80911f120 Eliminate harmless non-constant time operations on secret data. (Gregory Maxwell)

Pull request description:

  There were several places where the code was non-constant time
   for invalid secret inputs.  These are harmless under sane use
   but get in the way of automatic const-time validation.

  (Nonce overflow in signing is not addressed, nor is s==0 in signing)

ACKs for top commit:
  sipa:
    utACK 7b50483ad789081ba158799e5b94330f62932607
  real-or-random:
    ACK 7b50483ad789081ba158799e5b94330f62932607 I read the code carefully and tested it
  jonasnick:
    reACK 7b50483ad789081ba158799e5b94330f62932607

Tree-SHA512: 0776c3a86e723d2f97b9b9cb31d0d0e59dfcf308093b3f46fbc859f73f9957f3fa977d03b57727232040368d058701ef107838f9b1ec98f925ec78ddad495c4e