Posted by shrec
May 17, 2026/22:03 UTC
The recent updates to the Schnorr signature verification method in the secp256k1 cryptographic library have introduced significant enhancements that enhance its functionality and compatibility. Previously, the secp256k1_schnorrsig_verify function within the shim was limited to processing messages of exactly 32 bytes. However, modifications have now made it possible for this function to accept messages of any length. This change aligns with the behavior of the main libsecp256k1 implementation, where the challenge computation for BIP-340 is derived using the hash function H_BIP0340/challenge(R.x || P.x || msg[:msglen]). The adjustment facilitates greater flexibility while maintaining an optimized path for the fixed-length code when dealing with 32-byte messages.
Furthermore, a comprehensive audit was conducted on the CAAS suite against libsecp256k1 itself, employing several scripts via a thin reverse bridge shim to verify the integrity and reliability of the cryptographic procedures implemented. The results from these tests were promising, indicating robustness across various checks: all 27 cases of invalid input grammar passed, all 202 RFC 6979 spec verifications matched perfectly, no nonce bias was detected in the 5,000 samples (with a probability of 0.29), and all 2,800 checks for semantic properties were successful. Notably, wherever libsecp256k1 implements features, the tests confirmed their correct cryptographic behaviors. The only exceptions were related to BIP-32 cases, which were skipped as advised due to the lack of a BIP-32 module in libsecp256k1. These results not only validate the methodology employed but also demonstrate the reliability of the cryptographic implementations in both libsecp256k1 and UltrafastSecp256k1.