Multisig: return errors instead of panicking on invalid curve points when delinearizing

[jsdanielh]

What's in this pull request?

Ed25519PublicKey::delinearize() called .unwrap() on curve point decompression, which panics when given 32-byte public keys that aren't valid Ed25519 points. Since Ed25519PublicKey construction only validates byte length, not curve membership, this is reachable from untrusted input in wallet and web-client multisig flows.

This replaces the panic with Result propagation through the delinearize call chain. verify_partial() now returns false on invalid keys, consistent with how verify() already handles them. Commitment::From<[u8; 32]> is changed to TryFrom.

Overall API impact is minimal since all external call sites in wallet and web-client already return Result or JsError, so the change just adds a ? at each call site without altering their public signatures.

Only client-side wallet code is affected — no consensus, validator, or network code uses the multisig delinearization path.

Pull request checklist

• All tests pass. The project builds and runs.
• I have resolved any merge conflicts.
• I have resolved all clippy and rustfmt warnings.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@nimiq/core@3713

commit: 75c7ec4