Change path protection #90

Merged
merged 4 commits into from
Dec 4, 2018

@TamtamHero TamtamHero commented Nov 30, 2018

This feature prevents change path attacks.
Let's say Bob's computer is now compromised and controlled by an attacker.
The next time Bob wants to send bitcoin, the attacker will stream a legit transaction to Bob's hardware wallet, except the change address requested will be derived from a hard-to-retrieve change path.
Such a path would be for instance: 44'/0'/234454354'/545343432/4654657657
As the transaction is valid and the change path is not displayed on the hardware wallet screen, there is no reason for Bob not to approve the request.
The attacker has the freedom to choose any number for the last 8 elements of the change path (Ledger allows up to 10 elements in a BIP32 path). Each of these elements is 32 bits long, which leaves Bob with 2^256 possible paths to explore to retrieve his funds in the worst case, which is not possible to achieve.
This path is not saved anywhere once the transaction is signed, so there is no other option than to do a brute-force search on the derivation space to recover the funds sent there, which is statistically unlikely to succeed.
The attacker can then ransom Bob, asking for money in exchange for the change path where Bob's money is located.

This PR adds a check when a change path with an unusual index is requested by the host computer.
In the case of a BIP44 compliant path, if the account index is greater than 100, or the change is different from 1, or the address index is beyond 50 000, then a warning is displayed on the device's screen, asking for user confirmation and showing the change path.
If the path is not BIP44 compliant, then the warning is displayed no matter the values it carries.

@TamtamHero TamtamHero changed the title Bip44 change path guard Change path protection Dec 3, 2018
…t apps, add check on purpose/coin_type for change addresses
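
The decision rule from the PR description, written out as an added example; this is not the code merged in this PR. The function name `change_path_needs_warning`, the sample paths, and the exact definition of "BIP44 compliant" (five elements, purpose 44', caller-supplied coin type, hardened account) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HARDENED          0x80000000u
#define MAX_ACCOUNT       100u    /* thresholds quoted in the PR description */
#define MAX_ADDRESS_INDEX 50000u

/* Constructed sample paths: purpose'/coin_type'/account'/change/address_index */
static const uint32_t usual_path[5] = {44u | HARDENED, 0u | HARDENED, 0u | HARDENED, 1u, 7u};
static const uint32_t odd_path[5]   = {44u | HARDENED, 0u | HARDENED,
                                       234454354u | HARDENED, 545343432u, 465465765u};

/* Hypothetical helper: returns true when the device should display the change
 * path and ask for confirmation before signing. */
bool change_path_needs_warning(const uint32_t *path, size_t len, uint32_t coin_type)
{
    /* Assumed definition of "BIP44 compliant": five elements, purpose 44',
     * the expected coin type, hardened account, unhardened change and index.
     * Anything else is shown no matter what values it carries. */
    if (path == NULL || len != 5)
        return true;
    if (path[0] != (44u | HARDENED) || path[1] != (coin_type | HARDENED))
        return true;
    if (!(path[2] & HARDENED) || (path[3] & HARDENED) || (path[4] & HARDENED))
        return true;

    /* Compliant shape: warn only on the unusual indexes the PR lists. */
    if ((path[2] & ~HARDENED) > MAX_ACCOUNT)  /* account index above 100 */
        return true;
    if (path[3] != 1u)                        /* not the change chain */
        return true;
    return path[4] > MAX_ADDRESS_INDEX;       /* address index beyond 50 000 */
}

int main(void)
{
    printf("usual path warns: %d\n", change_path_needs_warning(usual_path, 5, 0));
    printf("odd path warns:   %d\n", change_path_needs_warning(odd_path, 5, 0));
    return 0;
}
```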