Fixes for RSA and ElGamal

[NIIBE Yutaka]

NIIBE Yutaka <gniibe at fsij.org> wrote:
> In master, I pushed my fixes for RSA and ElGamal.

And then, thanks to Jussi, more fixes are pushed for constant time
operations and their use cases in the implementation.  Those are applied
to 1.10 branch, too.

Once, I introduced POSSIBLE_CONDITIONAL_BRANCH_IN_BYTE_COMPARISON, but
it was removed to prefer having same code for every architecture.

For those who build libgcrypt with MSVC, you may see the difference.
--