
btcec/schnorr: don't check message length, add test vectors #2501

Open: aakselrod wants to merge 1 commit into btcsuite:master from aakselrod:update-bip340-arbitrary-length


aakselrod (Contributor) commented Mar 22, 2026

Change Description

Per bitcoin/bips@200f9b2 there is no longer a requirement to check message length when signing or verifying BIP-0340 Schnorr signatures. This commit updates the signing and verification algorithm and adds test vectors from the BIP for arbitrary-length messages.

Steps to Test

Check the added test vectors against the ones in BIP-0340, then run the unit tests for the btcec/schnorr directory. The tests already automatically run in CI.

Pull Request Checklist

Testing

  • Your PR passes all CI checks.
  • Tests covering the positive and negative (error paths) are included.
  • Bug fixes contain tests triggering the bug to prevent regressions.

Code Style and Documentation

📝 Please see our Contribution Guidelines for further guidance.

Per bitcoin/bips@200f9b2
there is no longer a requirement to check message length when
signing or verifying BIP-0340 Schnorr signatures. This commit
updates the signing and verification algorithm and adds test
vectors from the BIP for arbitrary-length messages.

aakselrod (Contributor, Author) commented Mar 22, 2026

Currently I've commented out the code paths I've eliminated, but happy to fully erase them if that's preferred. I can also renumber the signing/verification algorithm steps if desired.

Alternatively, I could also gate this behind a functional option so the length check is still done by default unless the option is included. The option could pass in an expected length, or just allow arbitrary length if specified.

The desired application is that I'm writing a btcec-based implementation of the ChillDKG BIP which requires a 4-byte message to be signed.

An aside: there's also a requirement in ChillDKG to use different tags for the tagged hashes than what's specified by BIP-0340. I'll address that in a followup PR by passing in the alternate tags as functional options and make it clear that those options aren't for use with Bitcoin consensus/transaction signing.
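
An added example, not code from this PR or from btcec: one shape the functional-option gating discussed in the comment above could take, applied to the BIP-0340 challenge tagged hash, which is where the message enters the algorithm. The names `msgPolicy`, `SignOption`, `WithMessageLength`, `WithArbitraryLength`, `ErrMsgLength` and `challengeHash` are hypothetical, and the inputs in `main` are constructed placeholders.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical names throughout (msgPolicy, SignOption, With*); none of this
// is btcec/schnorr API.
type msgPolicy struct{ wantLen int } // wantLen < 0 accepts any length

type SignOption func(*msgPolicy)

// WithMessageLength pins the accepted message size to exactly n bytes.
func WithMessageLength(n int) SignOption { return func(p *msgPolicy) { p.wantLen = n } }

// WithArbitraryLength lifts the length check entirely.
func WithArbitraryLength() SignOption { return func(p *msgPolicy) { p.wantLen = -1 } }

var ErrMsgLength = errors.New("message length rejected by policy")

// challengeHash computes the BIP-0340 challenge tagged hash,
// SHA256(SHA256(tag) || SHA256(tag) || R.x || P.x || msg), after applying the
// length policy. With no options the 32-byte rule stays in force.
func challengeHash(rx, px [32]byte, msg []byte, opts ...SignOption) ([32]byte, error) {
	var out [32]byte
	p := msgPolicy{wantLen: 32}
	for _, o := range opts {
		o(&p)
	}
	if p.wantLen >= 0 && len(msg) != p.wantLen {
		return out, fmt.Errorf("%w: got %d bytes, want %d", ErrMsgLength, len(msg), p.wantLen)
	}
	tag := sha256.Sum256([]byte("BIP0340/challenge"))
	h := sha256.New()
	for _, part := range [][]byte{tag[:], tag[:], rx[:], px[:], msg} {
		h.Write(part) // msg is streamed in last, so the hash accepts any length
	}
	copy(out[:], h.Sum(nil))
	return out, nil
}

func main() {
	// Constructed inputs: all-zero x-coordinates and a 4-byte message.
	var rx, px [32]byte
	msg := []byte{0x00, 0x00, 0x00, 0x01}
	_, err := challengeHash(rx, px, msg)
	fmt.Println("default policy:", err)
	e, err := challengeHash(rx, px, msg, WithMessageLength(4))
	fmt.Printf("opted in: e=%x err=%v\n", e, err)
}
```

Pinning an exact length keeps a caller that always signs fixed-size messages from silently accepting anything else, while the default path behaves as it did before the change.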
