Use `group::Wnaf` to accelerate `sinsemilla::CommitDomain::commit`

Performance improvements:
- Commit^ivk: ~31%
- NoteCommit: ~22%

src/primitives/sinsemilla.rs

@@ -1,6 +1,6 @@
 //! The Sinsemilla hash function and commitment scheme.
 
-use group::prime::PrimeCurveAffine;
+use group::{prime::PrimeCurveAffine, Wnaf};
 use halo2::arithmetic::{CurveAffine, CurveExt};
 use pasta_curves::pallas;
 use subtle::CtOption;
@@ -174,7 +174,7 @@ impl CommitDomain {
         msg: impl Iterator<Item = bool>,
         r: &pallas::Scalar,
     ) -> CtOption<pallas::Point> {
-        (self.M.hash_to_point_inner(msg) + self.R * r).into()
+        (self.M.hash_to_point_inner(msg) + Wnaf::new().scalar(r).base(self.R)).into()
     }
 
     /// $\mathsf{SinsemillaShortCommit}$ from [§ 5.4.8.4][concretesinsemillacommit].