ec-info: Better checking of embedding degrees.

Replace the rather cheap embedding degree check with a more
sophisticated analysis.

  * Use the new key-size conversions from keysz-conv.c to determine a
    suitable embedding degree.

  * Following L. Hitt's paper, we ensure that no field with the same
    characteristic as the curve field is sufficiently small to cause
    concern; the old algorithm just checked extensions of the curve
    field, which can miss the smallest possible target field.

  * This involves a rather fancy algorithm which partially factors the
    curve order r - 1, making use of the new prime iteration code.

Still to do on this:

  * Work out how to identify curves where pairings will help an attacker
    solve the DDH problem.

  * Provide a mechanism for passing parameters to checking functions.