[ed25519] Optimize batch verification of ed25519-consensus by omitting the z_0 scalar

[kchalkias]

Z_0 can be safely set to 1 when batching. This allows for a 0.5% faster batch verification when verifying 32 sigs, and about 4.5% when batching 2 sigs. Note that batching 2 and 3 sigs might be applicable to digital certificate paths, which are usually 2-3 certs long. See preliminary results here: https://twitter.com/kostascrypto/status/1541313401787486209

[jonas-lj]

Note that the randomisation of the signatures is done inside the ed25519-consensus crate, so to implement this optimisation we will have to move that code (https://github.com/penumbra-zone/ed25519-consensus/blob/94763f4c156ff3b6dbb4d9a0cf27a52106c73d88/src/batch.rs#L149) to fastcrypto and then apply the necessary changes. Also, many of the used functions and fields are crate private, so we basically have to reimplement the batch verify function to do this.