Add Curve25519 support.
* cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519. * tests/curves.c (N_CURVES): It's 22 now. * src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New. * cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New. * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New. * cipher/ecc.c (nist_generate_key): Handle the case of PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. (test_ecdh_only_keys, check_secret_key): Likewise. (ecc_generate): Support Curve25519 which is Montgomery curve with flag PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP. (ecc_encrypt_raw): Get flags from KEYPARMS and handle PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. (ecc_decrypt_raw): Likewise. (compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK. Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK.
With PUBKEY_FLAG_DJB_TWEAK, secret key has msb set and it should be
always multiple by cofactor.