Replace agl's Elligator2 implementation with a different one, that fixes
the various distinguishers stemming from bugs in the original
implementation and "The Elligator paper is extremely hard to read".
All releases prior to this commit are trivially distinguishable with
simple math, so upgrading is strongly recommended. The upgrade is fully
backward-compatible with existing implementations, however the
non-upgraded side will emit traffic that is trivially distinguishable
from random.
Special thanks to Loup Vaillant for his body of work on this primitive,
and for motivating me to fix it.
Yawning Angel