Restrict questionable `Secret/PublicKey`s

[daxpedda]

Currently the scalar zero is not allowed to be a SecretKey and the identity point is not allowed to be a PublicKey. This makes sense not only because the specification doesn't allow it, but because any algorithm/protocol would not work correctly.

However, SecretKey is allowed to be 1, which generates a PublicKey which is the generator point. It might be reasonable to restrict those values as well.

This would make interacting with NonZeroScalar and NonIdentity difficult and would at least partly invalidate their functionality, unless they also don't allow these values.

As discussed in #1832.

[tarcieri]

Can you find any precedent for implementations which reject the generator as a public key?

[daxpedda]

I did not.

I'm fine with this being closed btw, I just opened it as suggested in #1832. But my first thought was to look for precedent as well.

[tarcieri]

While we could potentially make a method that checks for weak keys that could incorporate some of those ideas, I don't think we should hard reject things which are valid multiples of the generator