Implement a Full Domain Hash (FDH) for RSA signatures and blind signatures

Implement a Full Domain Hash (FDH) for RSA signatures and blind signatures

This gives a measure of provable security to the Taler exchange/mint
against hypothetical one-more forgery attacks.  See:
  https://eprint.iacr.org/2001/002.pdf
  http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf

We seed the FDH with the denomination keys as as a homage to RSA-PSS.
This may slightly improves the exchanges's resistance to a violation
of RSA-KTI and against insiders who can influence the choice of RSA
keys but cannot actually exfiltrate them.

Adopting FDH fixes a bug when using 512 bit RSA keys as well.