Poplar1: reject empty first round prepare message immediately

[divergentdave]

Currently, when prep_next() handles the first round prepare message, it replaces an empty message with three zeros, before continuing on with sketching. Stepping backwards, prep_shares_to_prep() just adds shares of a vector of three elements together and returns it. Previously, it used to encode vectors of zeros as the empty string, see #363 (comment). I think getting three zero field elements in the first round of sketching is highly unlikely. Since prep_shares_to_prep() won't return None on the first round, then we can remove this special case, reject empty prepare messages on this round, and stop continuing to verify a sketch of zeros.