feat(schnorr): add support for schnorr signatures #189
kewde wants to merge 2 commits into cryptocoinjs:master from
| schnorrVerify (sig, msg32, pubkey) { | ||
| isUint8Array('signature', sig, 64) | ||
| isUint8Array('message', msg32, 32) | ||
| isUint8Array('public key', pubkey, [32, 33, 65]) |
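Review bot: the public key length check on the last line accepts 33- and 65-byte encodings for verification, and those carry a Y parity that the 32-byte x-only form does not. If that parity is discarded later in the function, a key with odd Y would verify against a signature made for its even-Y counterpart. Consider restricting the allowed length to 32 here, or rejecting 33-byte keys whose first byte is not 0x02 and 65-byte keys whose last byte is odd before verifying. A doc comment stating which encodings schnorrVerify accepts would also help callers.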
nit: This will allow an odd-Y DER pubkey to verify true against a schnorr signature when technically xonly pubkeys are always assumed to be even. Currently this is achieved by throwing away the parity bit in the code.
While this is pretty understandable for signing (the C library will automatically negate the private key if Y is odd), verification should be stricter IMO.
I am asking the library "Does this pubkey verify the signature X" and if the Y is odd, we're flipping the pubkey to a different pubkey before returning true... we would need to widen the definition of what "pubkey" means in the context of this function alone to mean "Either the given pubkey or its inverse".
To reduce confusion on this point, I think only the xonly (32 length) pubkey should be accepted.
Alternatively we could check the DER pubkeys for evenness and return false/throw. (check first byte is 0x02 for 33 length, check that (pubkey[64] & 1) === 0 for 65 length)
That makes sense - test vector 3 requires negation of the seckey therefore I assumed it was fine.
https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.py#L73-L85
That outputs a 32 byte xonly pubkey hex to the csv.
Like I said, automatically flipping to even when signing is fine. It's during verification that you need to be more strict.
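The stricter input handling discussed in this thread, as an added example that is not code from the PR or from the library: it accepts a 32-byte x-only key, or a 33/65-byte key only when its encoding says Y is even. `toXOnlyStrict`, `isAcceptedForVerify` and the sample keys are hypothetical names and constructed values.

```javascript
// Hypothetical helper (not part of the library): reduce a public key to its
// 32-byte x-only form, refusing any encoding that names an odd-Y point.
// It checks encoding and parity only; curve membership is left to the library.
function toXOnlyStrict (pubkey) {
  if (!(pubkey instanceof Uint8Array)) {
    throw new TypeError('public key must be a Uint8Array')
  }
  switch (pubkey.length) {
    case 32: // x-only: even Y is implied
      return pubkey
    case 33: // compressed: 0x02 = even Y, 0x03 = odd Y
      if (pubkey[0] !== 0x02) {
        throw new Error('compressed public key does not have even Y')
      }
      return pubkey.subarray(1, 33)
    case 65: // uncompressed: 0x04 || X || Y, parity is the low bit of Y
      if (pubkey[0] !== 0x04) {
        throw new Error('unsupported 65-byte public key prefix')
      }
      if ((pubkey[64] & 1) !== 0) {
        throw new Error('uncompressed public key does not have even Y')
      }
      return pubkey.subarray(1, 33)
    default:
      throw new RangeError('public key must be 32, 33 or 65 bytes')
  }
}

// True when the key would be passed on to verification, false when rejected.
function isAcceptedForVerify (pubkey) {
  try {
    toXOnlyStrict(pubkey)
    return true
  } catch (err) {
    return false
  }
}

// Constructed sample encodings (filler bytes, not real curve points).
const X = new Uint8Array(32).fill(0x11)
const samples = {
  xonly: X,
  compressedEven: Uint8Array.from([0x02, ...X]),
  compressedOdd: Uint8Array.from([0x03, ...X]),
  uncompressedEven: Uint8Array.from([0x04, ...X, ...new Uint8Array(32).fill(0x22)]),
  uncompressedOdd: Uint8Array.from([0x04, ...X, ...new Uint8Array(32).fill(0x23)])
}
for (const [name, key] of Object.entries(samples)) {
  console.log(name, isAcceptedForVerify(key))
}
```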
I won't be continuing this work but it's a good base for anyone else.
helps solve #164