bls12381: Add support for point at infinity for G1 adds

[wwared]

This PR adds some initial point at infinity handling for G1 points. (G2 points will be similar, but come in a future PR).

• Add identity() method that returns (0, 0)
• Check if value is identity inside alloc_elem: the native bls12_381 representation is (0, 1) instead of (0, 0), so we need to map it
• Add alloc_is_identity() that checks whether the point is (0, 0)
• Modify assert_collinear into assert_addition that can handle points at infinity. Function is called with assert_addition(a, b, c) and checks whether a + b = c is valid
  • Supports the case where a == 0 or b == 0, to support checking whether a + b = c: usually only one of a or b is 0, and in this case then c == 0 as well and the function works properly. The function only breaks if b == -a and c == 0.
  • The costs of this function are still under the costs of add_unified (~3800 vs ~5000 constraints per operation), so it makes sense to have it for certain applications for now.
  • The changes are implemented by chaining boolean conditions.
• Add add_unified implementation that supports all input values. (p = 0, q = 0, p = q are all supported)
• Add conditionally_select implementation for G1Point

[Nramsrud]

Other than the typo, good to go.

[huitseeker]

This LGTM, I'll let @Nramsrud shepherd this one.