Ensure that FROST shares don't have small-order components

[str4d]

If a signing party includes a small-order component in their share such that ak is generated with a small-order component, then every rk (for every transaction signed with that ak) will have the same small-order component, enabling those transactions to be linked (to within 1-in-7, but that is still a big hit to spend unlinkability).

• https://github.com/ZcashFoundation/redjubjub/blob/main/src/frost.rs#L218
• https://docs.rs/group/0.9.0/group/cofactor/trait.CofactorGroup.html#method.is_small_order