Express Maj with 2 XORs instead of 5

[mitschabaude]

constraints for 3 hashes: 18.8k -> 15.8k

speeds up Maj with the formula:

Maj(x, y, z) = (x & y) ^ (x & z) ^ (y & z) = 1/2 * (x + y + z - (x ^ y ^ z))

the first version is what we originally used, but needs 5 XORs, the second/new version only needs 2 XORs and also fewer generic gates.

also, speeds up Ch thanks to:

Ch(x, y, z) = (x & y) ^ (~x & z) = (x & y) + (~x & z)

the insight here was that we can use the second formula (+ instead of XOR) because the terms have no overlapping 1 bits.

third speed-up comes from using faster range checks for the quotient in divMod32 when used for addition mod 32. the existing 32 bit check (which uses 2.5 rows) is a good default because it supports all inputs up to 64 bits, for example resulting from 32x32 bit multiplication. But addition can only overflow by 1 bit, so we can use the boolean check which only uses 0.5 rows. For longer sums we can use the 16-bit check which uses 1 row.

in general, it seems reasonable to allow specifying the quotient bits as an extra argument in divMod32