Add a new constant-time is_zero() check for RsaIdentity

There are some places in the protocol where we have an all-zero RSA identity that does not truly represent a key, but rather represents an absent or unknown key. For these, it's better to use RsaIdentity::is_zero instead of manually checking for a set of zero bytes: it expresses the intent better, and ensures that the operation is constant-time.

I am deliberately not introducing a more general IsZero trait here, or implementing is_zero for anything else: This is the only one we seem to need right now. We can generalize it later if we have to.