Before, invert_elligator would invert to a gf, which wouldnt be a uniformly
random string because, eg, curve25519 gfs only have 255 bits out of 256.
Now add a random multiple of p.  This still wont work for future curves
that have a field size of 1 mod 8, because those curves use elligator with
no high bit set, but its a start