Add MuSig2 module

[jonasnick]

I think a module for MuSig2 would be in the scope of libsecp256k1. Its relevance for the Bitcoin ecosystem is demonstrated by several factors:

• MuSig2 is already being adopted for Bitcoin payments.
• I have been inquired by various Lightning and (hardware) wallet developers about if and when MuSig2 will be in libsecp.
• Various developers of LN and (hardware) wallets have inquired about the integration of MuSig2 into libsecp and its timeline.
• There are specifications that depend on MuSig2, such as the "simple taproot channels" BOLT and MuSig2 PSBT and descriptor BIPs.

MuSig2 has a detailed specification (with reference code and test vectors) and security proofs.

I suggest to copy the MuSig2 module from libsecp256k1-zkp which has already undergone significant review. I volunteer to do this. We should, however, remove the functions for MuSig2 adaptor signatures as they lack both a specification and a satisfactory security proof.