Posted by Karl Johan Alm
Mar 15, 2018, 03:01 UTC
In an email exchange, Kalle Rosenbaum expressed concern that a future soft fork could let old nodes accept invalid message signatures as valid. His example was a signer using a witness version unknown to the verifier in order to fool it. However, the scriptPubKey is derived directly from the address in every case, which means the unknown witness version would have to be committed to in the address itself. Luke Dashjr suggested a new signature format with additional features, including "proof of funds", which could avoid disclosing public keys for future UTXOs. Anthony Towns suggested that old nodes should check the spending script for standardness and report nonstandard scripts as either outright invalid or highly questionable, to prevent confusion. A warning would also be useful in case the verifier is running old software.
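The two points above, as an added example written for this summary (not code from the thread or from any Bitcoin project): a verifier derives the scriptPubKey from a bech32 address exactly as it would for a spend, so the witness version is fixed by the address and not by anything the signer attaches to the signature; and, following the policy Anthony Towns suggested, an address whose witness version the verifier does not know is reported as questionable rather than valid. The bech32 routines follow BIP173 as it stood in 2018 (later witness versions now use the bech32m checksum of BIP350, which this example deliberately does not implement). The `KNOWN_WITNESS_VERSIONS` set, the status strings and the sample addresses are constructed for the example; the v0 sample reproduces the BIP173 example key hash.

```python
# Added example: fix the scriptPubKey from the address alone, then decide
# whether this verifier can judge the script at all before checking any
# signature. Unknown witness versions are reported, never accepted.
# Bech32 per BIP173 (checksum constant 1); bech32m (BIP350) not implemented.

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]


def bech32_polymod(values):
    chk = 1
    for v in values:
        b = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            chk ^= GEN[i] if (b >> i) & 1 else 0
    return chk


def bech32_hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def bech32_create_checksum(hrp, data):
    polymod = bech32_polymod(bech32_hrp_expand(hrp) + data + [0] * 6) ^ 1
    return [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]


def bech32_encode(hrp, data):
    return hrp + "1" + "".join(CHARSET[d] for d in data + bech32_create_checksum(hrp, data))


def bech32_decode(bech):
    """Return (hrp, data without checksum) or (None, None) on any error."""
    if bech.lower() != bech and bech.upper() != bech:  # mixed case is invalid
        return None, None
    bech = bech.lower()
    pos = bech.rfind("1")
    if pos < 1 or pos + 7 > len(bech) or len(bech) > 90:
        return None, None
    if any(c not in CHARSET for c in bech[pos + 1:]):
        return None, None
    hrp, data = bech[:pos], [CHARSET.index(c) for c in bech[pos + 1:]]
    if bech32_polymod(bech32_hrp_expand(hrp) + data) != 1:
        return None, None
    return hrp, data[:-6]


def convertbits(data, frombits, tobits, pad=True):
    """Power-of-two base conversion (8 <-> 5 bits), as in BIP173."""
    acc, bits, ret = 0, 0, []
    maxv = (1 << tobits) - 1
    max_acc = (1 << (frombits + tobits - 1)) - 1
    for value in data:
        if value < 0 or value >> frombits:
            return None
        acc = ((acc << frombits) | value) & max_acc
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            ret.append((acc >> bits) & maxv)
    if pad:
        if bits:
            ret.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        return None
    return ret


def segwit_encode(hrp, witver, witprog):
    return bech32_encode(hrp, [witver] + convertbits(list(witprog), 8, 5))


def segwit_decode(hrp, addr):
    """Return (witness_version, program_bytes) or (None, None)."""
    hrpgot, data = bech32_decode(addr)
    if hrpgot != hrp or not data or data[0] > 16:
        return None, None
    prog = convertbits(data[1:], 5, 8, False)
    if prog is None or not 2 <= len(prog) <= 40:
        return None, None
    if data[0] == 0 and len(prog) not in (20, 32):
        return None, None
    return data[0], bytes(prog)


def scriptpubkey_from_address(hrp, addr):
    """The script a message signature must satisfy comes from the address
    only: OP_n (OP_0 for v0) then a direct push of the witness program.
    Nothing the signer supplies can change the witness version here."""
    ver, prog = segwit_decode(hrp, addr)
    if ver is None:
        return None
    return bytes([0 if ver == 0 else 0x50 + ver, len(prog)]) + prog


KNOWN_WITNESS_VERSIONS = {0}  # constructed: what this (old) verifier can check


def classify_address(hrp, addr):
    """Thread policy: never report an unknown or nonstandard script as valid.
    Returns 'invalid-address', 'unknown-witness-version' or 'ok'."""
    ver, _ = segwit_decode(hrp, addr)
    if ver is None:
        return "invalid-address"
    if ver not in KNOWN_WITNESS_VERSIONS:
        return "unknown-witness-version"  # warn: verifier may be out of date
    return "ok"


# Constructed samples: the BIP173 example key hash as a v0 address, and the
# same bytes as a hypothetical v1 program (encoding only, no v1 rules implied).
KEYHASH = bytes.fromhex("751e76e8199196d454941c45d1b3a323f1433bd6")
ADDR_V0 = segwit_encode("bc", 0, KEYHASH)
ADDR_V1 = segwit_encode("bc", 1, KEYHASH)
```

Run it and call `classify_address("bc", ADDR_V1)`: the v1 address decodes cleanly and yields the scriptPubKey `OP_1 <20 bytes>`, but the verifier answers `unknown-witness-version` instead of attempting a check it cannot perform. A verifier that instead fell through to "valid" for any script it did not recognise is exactly the failure the thread was worried about; a corrupted address (`invalid-address`) is rejected by the checksum before any script is built.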