Clear _gej instances after point multiplication to avoid potential leaks

Quoting sipa (see bitcoin-core#1479 (comment)):
"When performing an EC multiplication A = aG for secret a, the resulting
 _affine_ coordinates of A are presumed to not leak information about a (ECDLP),
  but the same is not necessarily true for the Jacobian coordinates that come
  out of our multiplication algorithm."

For the ECDH point multiplication result, the result in Jacobi coordinates should be
cleared not only to avoid leaking the scalar, but even more so as it's a representation
of the resulting shared secret.

Author: theStack

src/modules/ecdh/main_impl.h

@@ -66,6 +66,7 @@ int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const se
     secp256k1_memclear(y, sizeof(y));
     secp256k1_scalar_clear(&s);
     secp256k1_ge_clear(&pt);
+    secp256k1_gej_clear(&res);
 
     return !!ret & !overflow;
 }

src/modules/musig/session_impl.h

@@ -450,6 +450,7 @@ int secp256k1_musig_nonce_gen_internal(const secp256k1_context* ctx, secp256k1_m
         secp256k1_ge_set_gej(&nonce_pts[i], &nonce_ptj);
         secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts));
         secp256k1_scalar_clear(&k[i]);
+        secp256k1_gej_clear(&nonce_ptj);
     }
     /* None of the nonce_pts will be infinity because k != 0 with overwhelming
      * probability */

src/modules/schnorrsig/main_impl.h

@@ -189,6 +189,7 @@ static int secp256k1_schnorrsig_sign_internal(const secp256k1_context* ctx, unsi
     secp256k1_scalar_clear(&k);
     secp256k1_scalar_clear(&sk);
     secp256k1_memclear(seckey, sizeof(seckey));
+    secp256k1_gej_clear(&rj);
 
     return ret;
 }

src/secp256k1.c

@@ -597,6 +597,7 @@ static int secp256k1_ec_pubkey_create_helper(const secp256k1_ecmult_gen_context
 
     secp256k1_ecmult_gen(ecmult_gen_ctx, &pj, seckey_scalar);
     secp256k1_ge_set_gej(p, &pj);
+    secp256k1_gej_clear(&pj);
     return ret;
 }