slingshot and zkvm agreement

[burdges]

It'd be lovely to agree with slingshot's key tree derivation, but they do strange things like encourage intermediate derivations, and dropping chain codes, so doing so sounds awkward. https://github.com/stellar/slingshot/blob/main/keytree/keytree.md

We can however agree with their key serializations format by dropping out concerns about ed25519 private keys in #9 so that the same private and public keys work for both schnorrkel and zkvm.

I'm not so fond of their musig implementation in https://github.com/stellar/slingshot/tree/main/musig which seemingly does not enforce correct usage with session types, although it may enforce correct usage with runtime errors.

[burdges]

We cannot agree with their secret key serialization formats because the never serialize any seed for nonces. I'm unhappy doing that because I want both derandomization and randomized protections, so I'll close this now.

I did however make the default secret key serialization use the canonical bytes instead of the ed25519 compatible bit shifting, some anyone who wants compatibility with slingshot can just make up their own nonce seeds or whatever.