RSA: Support RSA key pairs where q < p without converting to p > q.

[briansmith]

Previously we swapped p and q and calcualted a new qInv if p < q so that we could avoid doing a redunction during the CRT computation. Instead, just do the reduction during CRT as it's cheap. This notably reduces the number of operations we need in bigint, and it eliminates the need for the Prime modulus marker type.

Now there are more things that can go wrong during CRT. First, we may wrongly forget to reduce m_2 mod p; before this wasn't necessary since every element of q was an element of p. Next, we may wrongly use the the value of m_2 mod p instead of m_2 later; before we could do this since previously m_2 mod p == m_2 since m_2 < q < p. Add tests for these cases.

Rewrite the tests for elem_reduced_once given its new constraints.

[codecov]

Codecov Report

Merging #1802 (cd491c9) into main (23975ff) will increase coverage by 0.02%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1802      +/-   ##
==========================================
+ Coverage   96.01%   96.03%   +0.02%     
==========================================
  Files         137      137              
  Lines       20755    20747       -8     
  Branches      226      226              
==========================================
- Hits        19927    19924       -3     
+ Misses        794      789       -5     
  Partials       34       34              

Files	Coverage Δ
src/arithmetic/bigint.rs	99.16% <100.00%> (-0.01%)	⬇️
src/arithmetic/bigint/modulus.rs	99.18% <ø> (-0.04%)	⬇️
src/arithmetic/bigint/private_exponent.rs	100.00% <ø> (ø)
src/arithmetic/nonnegative.rs	100.00% <ø> (ø)
src/rsa/keypair.rs	97.34% <100.00%> (+0.20%)	⬆️

... and 2 files with indirect coverage changes

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!