Bugfix
   * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
     A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
     could not be triggered by code that constructed A with one of the
     mbedtls_mpi_read_xxx functions (including in particular TLS code) since
     those always built an mpi object with at least one limb.
     Credit to OSS-Fuzz. Fixes #4641.