proposal: add ed25519 to curve25519 conversion functions

[baha-ai]

As per this comment:
agl/ed25519#24 (comment)

It would be much appreciated if the original functions that were hosted at (now gone in favour of crypto/ed25519 package):
https://github.com/agl/blob/master/ed25519/extra25519/extra25519.go
for converting ed25519 keys into curve15519 keys to be hosted in here, or somewhere in /x/crypto/ed25519 (or x/crypto/extra25519) if they are not suitable for the core library.

Namely, these functions are needed:

// PrivateKeyToCurve25519 converts an ed25519 private key into a corresponding
// curve25519 private key such that the resulting curve25519 public key will
// equal the result from PublicKeyToCurve25519.
func PrivateKeyToCurve25519(curve25519Private *[32]byte, privateKey *[64]byte) {
	h := sha512.New()
	h.Write(privateKey[:32])
	digest := h.Sum(nil)

	digest[0] &= 248
	digest[31] &= 127
	digest[31] |= 64

	copy(curve25519Private[:], digest)
}

and

// PublicKeyToCurve25519 converts an Ed25519 public key into the curve25519
// public key that would be generated from the same private key.
func PublicKeyToCurve25519(curve25519Public *[32]byte, publicKey *[32]byte) bool {
	var A edwards25519.ExtendedGroupElement
	if !A.FromBytes(publicKey) {
		return false
	}

	// A.Z = 1 as a postcondition of FromBytes.
	var x edwards25519.FieldElement
	edwardsToMontgomeryX(&x, &A.Y)
	edwards25519.FeToBytes(curve25519Public, &x)
	return true
}

I think many projects are currently using these functions and now hit a wall because the original repo has been removed.

[FiloSottile]

Duplicate of #20504.