crypto/ecdsa: Adjust entropy bounds #48653

Open: wants to merge 1 commit into base: master

Conversation

@soatok commented Sep 27, 2021

Matching the entropy for an ECDSA signature to the ECDLP attack cost of the curve might make intuitive sense, but the birthday bound for a random function is Q(sqrt(N)), so we're matching a square root of a square root. For P-224 (ECDLP security of 112 bits), this doesn't yield a birthday bound of 112 bits, it yields a birthday bound of 56 bits.

This patch changes the formula to produce roughly double the expected entropy (by changing the divisor from 16 to 8), while requiring at least 256 bits. In case of weird curve support, this patch also caps the entropy at 512 bits. The variability between the two will mostly be observed with curves in between the two bounds (i.e. NIST P-384, which many users expect to offer a 192-bit security level anyway).

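The sizing argument in the PR description, worked through for the four NIST curves that crypto/elliptic ships. This is an added example written for this page, not code from the PR or from crypto/ecdsa: entropyBytesOld follows the pre-patch formula as the description states it (divisor 16), with a 32-byte upper cap taken from the Go 1.17 source as the editor recalls it rather than from this page; entropyBytesNew applies the proposed divisor 8 with the 256-bit floor and 512-bit cap; the birthday and ECDLP figures are the generic square-root bounds, i.e. half the bit length. The sizing struct, compare and underTarget are illustration helpers, not project API.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
)

// entropyBytesOld is the pre-patch sizing as the PR description states it:
// (BitSize+7)/16 bytes of entropy. The 32-byte upper cap is taken from the
// Go 1.17 source as recalled by the editor, not from this page.
func entropyBytesOld(bitSize int) int {
	n := (bitSize + 7) / 16
	if n > 32 {
		n = 32
	}
	return n
}

// entropyBytesNew is the sizing the PR proposes: divisor 8, at least
// 32 bytes (256 bits), at most 64 bytes (512 bits).
func entropyBytesNew(bitSize int) int {
	n := (bitSize + 7) / 8
	if n < 32 {
		n = 32
	}
	if n > 64 {
		n = 64
	}
	return n
}

// birthdayBits is the collision bound for a random function seeded with
// entropyBits bits: roughly sqrt(2^entropyBits) evaluations, so half the bits.
func birthdayBits(entropyBits int) int {
	return entropyBits / 2
}

// ecdlpBits is the generic-group attack cost on a curve whose order is
// about 2^bitSize: roughly sqrt(2^bitSize) group operations, so half the bits.
func ecdlpBits(bitSize int) int {
	return bitSize / 2
}

// sizing collects the numbers the PR description compares for one curve
// (hypothetical helper type, not part of crypto/ecdsa).
type sizing struct {
	Curve          string
	OldEntropyBits int
	NewEntropyBits int
	OldBirthday    int
	NewBirthday    int
	ECDLP          int
}

// compare evaluates both formulas for a curve of the given order size.
func compare(name string, bitSize int) sizing {
	oldBits := 8 * entropyBytesOld(bitSize)
	newBits := 8 * entropyBytesNew(bitSize)
	return sizing{
		Curve:          name,
		OldEntropyBits: oldBits,
		NewEntropyBits: newBits,
		OldBirthday:    birthdayBits(oldBits),
		NewBirthday:    birthdayBits(newBits),
		ECDLP:          ecdlpBits(bitSize),
	}
}

// underTarget reports whether the pre-patch birthday bound falls short of
// the curve's own ECDLP cost, which is the mismatch the PR description points at.
func underTarget(s sizing) bool {
	return s.OldBirthday < s.ECDLP
}

func main() {
	curves := []elliptic.Curve{elliptic.P224(), elliptic.P256(), elliptic.P384(), elliptic.P521()}
	fmt.Printf("%-6s %8s %8s %8s %8s %6s\n", "curve", "old ent", "new ent", "old bday", "new bday", "ecdlp")
	for _, c := range curves {
		p := c.Params()
		s := compare(p.Name, p.BitSize)
		fmt.Printf("%-6s %8d %8d %8d %8d %6d\n",
			s.Curve, s.OldEntropyBits, s.NewEntropyBits, s.OldBirthday, s.NewBirthday, s.ECDLP)
	}
}
```

Running it reproduces the description's P-224 figure (112 bits of entropy, 56-bit birthday bound against a 112-bit ECDLP cost) and shows that with the proposed divisor P-384 lands at 384 bits of entropy, a 192-bit birthday bound matching its ECDLP cost, while P-521 hits the 512-bit cap.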
google-cla bot commented Sep 27, 2021

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.


google-cla bot added the cla: no label Sep 27, 2021
@soatok (Author) commented Sep 27, 2021

@googlebot I signed it!

google-cla bot added the cla: yes label and removed the cla: no label Sep 27, 2021
gopherbot (Contributor) commented

This PR (HEAD: 7d0d336) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/352471 to see it.


gopherbot (Contributor) commented

Message from Go Bot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://golang.org/doc/contribute.html#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11 or adds a tag like "wait-release", it means that this CL will be
reviewed as part of the next development cycle. See https://golang.org/s/release
for more details.


Please don’t reply on this GitHub thread. Visit golang.org/cl/352471.
After addressing review feedback, remember to publish your drafts!

Labels: cla: yes