crypto/internal/nistec: use mixed addition in purego ScalarBaseMult

crypto/internal/nistec: use mixed addition in purego ScalarBaseMult

The affine addition formula is significantly faster, and sets us up to
reuse the precomputed table from the assembly implementation.

This is an incremental step towards converging the purego and assembly
implementations, with the goal of eventually merging them.

Very proud of how the conditional AddAffine avoids the whole zero/sel
cmov dance, compared to the same logic in the assembly implementation.

Change-Id: Iab008e81869cf8c1565b938e4dd392dd4d5787fd
Reviewed-on: https://go-review.googlesource.com/c/go/+/627938
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>