perf: Consider using saturated 64-bit limbs for the field arithmatic

[Yawning]

During the external review it was pointed out that the field multiply, square, and inverse would gain some performance if the implementation used 64-bit saturated limbs. Since the relevant math/bits intrinsics expose the equivalent of the carry and borrow flag, this should be possible to implement in a portable manner.

A cursory examination of the paper this would be based on suggests that the gains in the portable case would be < 5%, with more substantial gains if BMI2 was used, so this is low priority for now, as any system with BMI2 will also have AVX2.