ed25519 v1.0.1: important security fix

Due to a bug in calculating carry in modulo reduction that used bit operations on integers larger than 32 bits, @stablelib/ed25519 could have created incorrect signatures.

This only affects signing, not verification.

Originally reported at dchest/tweetnacl-js#187