Merlin transcript RNG

[noot]

Right now, sign and verify won't interoperate with don't fully match the implementation in rust library, since in rust schnorrkel uses the transcript RNG to generate randomness when signing. The Go merlin library we're using doesn't have that yet: see https://github.com/gtank/merlin/issues/2

See: https://github.com/w3f/schnorrkel/blob/798ab3e0813aa478b520c5cf6dc6e02fd4e07f0a/src/sign.rs#L161 https://github.com/w3f/schnorrkel/blob/798ab3e0813aa478b520c5cf6dc6e02fd4e07f0a/src/context.rs#L153 for the relevant code in schnorrkel.