zilliqa-js
Improve supply chain security by switching to better dependencies
Those deps from crypto package:

```json
"@types/elliptic": "^6.4.13",
"elliptic": "^6.5.0",
"hash.js": "^1.1.5",
"hmac-drbg": "^1.0.1",
"pbkdf2": "^3.0.16",
"scrypt-js": "^3.0.1",
"scryptsy": "^2.1.0",
"sodium-randbytes": "0.14.0",
```

and their sub-dependencies (10+?) can be replaced by @noble/secp256k1, @noble/hashes — just two packages. This is what ethereum, solana, etc. did.
Every package is a potential security vulnerability, because maintainers could get hacked and their packages could be replaced with malware. Elliptic also had 2 CVEs, which is pretty bad.
schnorr.ts can be replaced by built-in schnorr from @noble/secp256k1.