Add Swift script for bumping dependency libsecp256k1

[Sajjon]

Usage:

just bump-dep

or dry run:

just bump-dep true

[Copilot]

Pull request overview

This PR introduces a Swift-based helper tool and associated just recipe to automate updating the libsecp256k1 submodule, and aligns the documentation and README around this new workflow.

Changes:

• Add a standalone Swift executable package (scripts/update-libsecp) that discovers the libsecp256k1 submodule, checks out the latest tag, runs tests, updates the README version line, and (optionally) creates a branch, commits, and pushes.
• Wire the tool into the developer workflow via a new bump-dep just recipe and README instructions, plus ignore the tool’s build artifacts in .gitignore.
• Document the manual update procedure in UPDATE_DEPENDENCY.md, keeping it in sync with the automated tool.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
scripts/update-libsecp/Sources/UpdateLibsecp/main.swift	Implements the CLI, core workflow for updating the submodule and README, and subprocess helpers for running git/swift commands.
scripts/update-libsecp/Package.swift	Declares the new SwiftPM executable package and its dependency on swift-subprocess.
justfile	Adds a bump-dep recipe that runs the new tool, with an optional dry-run mode wired to --dry-run.
UPDATE_DEPENDENCY.md	Documents the manual step-by-step process to update the libsecp256k1 submodule, matching the behavior of the new script.
README.md	Normalizes the documented libsecp256k1 version format (tag + commit, release URL) and adds quick instructions for using just bump-dep.
.gitignore	Excludes the helper package’s .build, .swiftpm, and Package.resolved from version control.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The comment // Reset submodule change if dry run is misleading because the git submodule update command is executed unconditionally, regardless of dryRun. Either guard this block with dryRun or adjust the comment to describe that this call always re-syncs the submodule state with the superproject (and happens to revert the temporary checkout in dry-run mode).

[Copilot]

Here the instructions say to save the output into OLD_VERSION, but the shell snippets below reference $CURRENT_VERSION, which will confuse anyone following the guide. Use a consistent variable name in both the prose and the code examples (e.g. change $CURRENT_VERSION to $OLD_VERSION in the shell snippets).

Suggested change

	OLD_COMMIT=$(printf '%s\n' "$CURRENT_VERSION" | awk '{print $1}')
	OLD_TAG=$(printf '%s\n' "$CURRENT_VERSION" | awk -F'[()]' '{print $2}')
	OLD_COMMIT=$(printf '%s\n' "$OLD_VERSION" | awk '{print $1}')
	OLD_TAG=$(printf '%s\n' "$OLD_VERSION" | awk -F'[()]' '{print $2}')

[Copilot]

branchAtStart is accepted as a parameter but never used inside proceed, which will trigger an unused-parameter warning and makes the intent of this argument unclear. If it's not needed, remove it; otherwise, wire it into the logic (for example by passing it through to cleanUp if that was the original intention).

[Copilot]

The commit message currently interpolates the entire Version struct (\(newVersion)), which will result in a verbose string like Version(tag: "v0.7.1", commit: "…") instead of the documented format "$LATEST_TAG ($NEW_COMMIT)". To keep commit messages concise and consistent with UPDATE_DEPENDENCY.md, build the message from newVersion.tag and newVersion.commit explicitly.

Suggested change

	"Update libsecp256k1 dependency to \(newVersion) [all unit tests passed]"
	"Update libsecp256k1 dependency to \(newVersion.tag) (\(newVersion.commit)) [all unit tests passed]"