Use a slightly faster computation for sqrt_ratio_i.

[nmathewson]

I found this on the CFRG mailing list: it seems correct, and the tests still pass. See comment for references, including CFRG discussion.

This improvement appears to have a modest improvement to Ed25519 decompression, at least for me on M1:

Benchmarking EdwardsPoint decompression Benchmarking EdwardsPoint decompression: Warming up for 3.0000 s Benchmarking EdwardsPoint decompression: Collecting 100 samples in estimated 5.0 058 s (1.4M iterations) Benchmarking EdwardsPoint decompression: Analyzing EdwardsPoint decompression time: [3.5282 us 3.5387 us 3.5494 us] change: [-2.1564% -1.8729% -1.5866%] (p = 0.00 < 0.05) Performance has improved.