Security
   * Fix a side channel vulnerability in modular exponentiation that could
     reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
     Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
     of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
     Strackx (Fortanix) in #3394.