mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-06 05:52:48 -05:00

New system for generating provable prime numbers.

This uses all the facilities I've been adding in previous commits. It
implements Maurer's algorithm for generating a prime together with a
Pocklington certificate of its primality, by means of recursing to
generate smaller primes to be factors of p-1 for the Pocklington
check, then doing a test Miller-Rabin iteration to quickly exclude
obvious composites, and then doing the full Pocklington check.

In my case, this means I add each prime I generate to a Pockle. So the
algorithm says: recursively generate some primes and add them to the
PrimeCandidateSource, then repeatedly get a candidate value back from
the pcs, check it with M-R, and feed it to the Pockle. If the Pockle
accepts it, then we're done (and the Pockle will then know that value
is prime when our recursive caller uses it in turn, if we have one).

A small refinement to that algorithm is that I iterate M-R until the
witness value I tried is such that it at least _might_ be a primitive
root - which is to say that M-R didn't get 1 by evaluating any power
of it smaller than n-1. That way, there's less chance of the Pockle
rejecting the witness value. And sooner or later M-R must _either_
tell me I've got a potential primitive-root witness _or_ tell me it's
shown the number to be composite.
Simon Tatham
2020-02-23 15:37:42 +00:00
parent d711cc849c
commit 141663abba
3 changed files with 588 additions and 0 deletions
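As an added example (not PuTTY's code, and not from this commit), the two checks the commit message describes on plain Python integers instead of PuTTY's mp_int: one Miller-Rabin iteration that also reports whether the witness could still be a primitive root, and the Pocklington check it is then fed to. The factor list standing in for the Pockle's knowledge of p-1 and the `certify` driver are assumptions for illustration.

```python
# Added example, not PuTTY's code: Pocklington check plus the M-R
# "might be a primitive root" refinement, on plain Python ints.
from math import gcd

def miller_rabin_once(n, a):
    """One Miller-Rabin iteration with witness a for odd n > 2.
    Returns (passed, maybe_root): passed is False iff a proves n composite;
    maybe_root is True iff no power a^k with k < n-1 evaluated to 1."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x == 1:                       # 1 reached at exponent d < n-1
        return True, False
    for r in range(s):
        if x == n - 1:               # -1 at a^(d*2^r); 1 first at d*2^(r+1),
            return True, r == s - 1  # which equals n-1 only when r == s-1
        x = x * x % n
    return False, False              # never hit -1: n is composite

def pocklington_check(n, factors, a):
    """Pocklington certificate for odd n with witness a.
    factors: [(q, e), ...], F = prod(q**e) divides n-1 and F > sqrt(n); each q
    is assumed already known prime (in PuTTY that knowledge lives in the Pockle).
    n is prime if a^(n-1) == 1 and gcd(a^((n-1)/q) - 1, n) == 1 for all q."""
    F = 1
    for q, e in factors:
        F *= q ** e
    if n < 3 or (n - 1) % F or F * F <= n:
        return False                 # factored part of n-1 too small
    if pow(a, n - 1, n) != 1:
        return False
    return all(gcd(pow(a, (n - 1) // q, n) - 1, n) == 1 for q, _ in factors)

def certify(n, factors, witnesses):
    """Simplified form of the loop in the commit message: try witnesses until
    M-R either rejects n or yields a potential primitive root, then run the
    Pocklington check with it. Returns the accepted witness, or None."""
    for a in witnesses:
        passed, maybe_root = miller_rabin_once(n, a)
        if not passed:
            return None              # proven composite; stop immediately
        if maybe_root and pocklington_check(n, factors, a):
            return a
    return None
```

For n = 97 (96 = 2^5 * 3) the witness 2 passes Miller-Rabin but is a quadratic residue, so it is rejected by the Pocklington gcd test, while 5 is a primitive root and certifies 97; this is exactly the rejection the refinement is meant to avoid.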


@ -378,6 +378,9 @@ static const PrimeGenerationPolicy *get_primegenpolicy(BinarySource *in)
const PrimeGenerationPolicy *value;
} algs[] = {
{"probabilistic", &primegen_probabilistic},
{"provable_fast", &primegen_provable_fast},
{"provable_maurer_simple", &primegen_provable_maurer_simple},
{"provable_maurer_complex", &primegen_provable_maurer_complex},
};
ptrlen name = get_word(in);
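Review bot: neither the new table entries nor the commit message says how "provable_maurer_simple" differs from "provable_maurer_complex". Since these strings are the names a caller supplies (looked up from `get_word(in)`) to select a policy, a one-line comment beside each of the two new entries stating what distinguishes the variants, and what "provable_fast" trades off against them, would help the next reader and anyone choosing a policy.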