Use small Curve25519 for wasm32 & other non-{aarch64,x86_64}.

[briansmith]

Enable ring::agreement for wasm32 targets using the small implementation of Curve25519.

Use the small Curve25519 implementation of Curve25519 (and P-256) for all targets except for Aarch64 and x86-64.

Besides being smaller, the small implementations are likely more resistant to compiler-introduced side-channels, which is especially important for the wasm32 virtual machine and other targets that we don't QA as thoroughly as AAarch64 and x86-64.

Bring in the previously-removed definition of fe_mul_llt from BoringSSL as of commit
8d71d24.

[codecov]

Codecov Report

Merging #1746 (870180e) into main (0f8386d) will decrease coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1746      +/-   ##
==========================================
- Coverage   96.10%   96.09%   -0.01%     
==========================================
  Files         137      137              
  Lines       20548    20607      +59     
  Branches      217      221       +4     
==========================================
+ Hits        19747    19802      +55     
- Misses        762      766       +4     
  Partials       39       39              

Files	Coverage Δ
crypto/curve25519/curve25519.c	99.60% <100.00%> (+0.01%)	⬆️
src/ec.rs	100.00% <ø> (ø)
src/ec/suite_b.rs	98.65% <ø> (ø)
src/lib.rs	34.61% <ø> (ø)
tests/agreement_tests.rs	91.25% <ø> (ø)

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more