Group trait experiment

[daxpedda]

This is an initial experiment on how to completely transition away from providing any specific implementation of Group in the voprf crate, but rely on traits from elliptic-curve exclusively.

Which is impossible at the moment, but this is a first step into the right direction. Missing steps would be:

• Upstreaming the Voprf trait to elliptic-curve and implement it for NistP256 and NistP384.
• Wait for feat: hash to curve RustCrypto/elliptic-curves#495 to finish up, which would allow us to completely remove our P256 hash2curve implementation.
• Wait for p384: scalar arithmetic RustCrypto/elliptic-curves#489 to reach upstream, which would give us P-384 for free.
• Implement same traits for RistrettoPoint in curve25519, see curve25519: ed25519, x25519 and ristretto255 RustCrypto/elliptic-curves#497. Unlikely to happen soon, so we are just re-exporting a type to fill that gap, to avoid having to wait for Rust specialization.

It introduces two types:

• Voprf trait, which extracts the SUITE_ID from Group. It also binds the SUITE_ID to a corresponding hash, which wasn't done before.
• Ristretto255, which implements Group, as it is unlikely that curve25519-dalek will implement the traits we need anytime soon.

Other changes:

• Re-ordered Group.
• Removed Group::zeroize() and used trait bound instead.
• Added HashMarker as a trait bound to H.
• Added Voprf as a trait bound to G.
• Changed SUITE_ID to u16 because it can't be bigger anyway.

See discussions in facebook/opaque-ke#254 and facebook/opaque-ke#250.
Builds on top of #48.