[WIP] k256: implement Scalar::sqrt

Implements Tonelli-Shank's algorithm for q mod 16 = 1 as synthesized
using the `ff_derive` crate, similar to #392 which implements it for the
`p256`.

Like `p256`, as part of implementing this it was discovered that
`root_of_unity()` was incorrect. Here it is (re)calculated with sage:

    sage: n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
    sage: GF(n).primitive_element()
    7
    sage: s = 6
    sage: t = (n - 1) >> s
    sage: power_mod(7,t,n)
    5480320495727936603795231718619559942670027629901634955707709633242980176626

Note that the value was computed correctly originally, but the hex
digits were shifted such that the resulting value was left shifted by
4-bits. This has now been corrected.

Author: tarcieri