fflonk and shplonk improvements

[ivokub]

PR #498 added fflonk and shplonk batched commitment verification. As it is still experimental package then we left some issues unresolved for now:

• Use the polynomial package. It already has some methods implemented what we need and makes it imo relevant. Otherwise we copy-paste methods all over. And I think it also makes it nicer if we have []polynomial.Polynomial instead of [][]fr.Element etc.
• our implementation currently doesn't match the paper as we don't compute the n-th roots, but instead for given input we assume the input to be x^n and then take the corresponding roots. But in practice we have smooth modulus (2^n * other factors), so can use successive square roots. And because we code generate, then we can generate the full chain directly.
• instead of using []fr.Element for points in shplonk, we could define a structure a la struct Points { Pts []fr.Element, Shape shplonk.PointShape}. Depending on the shape of the points (they are roots of unity, or some known powers etc.) we can have different approaches for polynomial multiplication etc.
• add marshal roundtrip tests
• add gopter tests

cc @ThomasPiellard