Merge branch 'dirty-merge-dash-0.11.0' of https://github.com/Infernoman/bitcoin into dash-merge-0.12.0.x

Secp ecdsa

[squashme] replace struct CCainCode with a typedef uint256 ChainCode

libsecp256k1's API changed, so update key.cpp to use it.

Libsecp256k1 now has explicit context objects, which makes it completely thread-safe.
In turn, keep an explicit context object in key.cpp, which is explicitly initialized
destroyed. This is not really pretty now, but it's more efficient than the static
initialized object in key.cpp (which made for example bitcoin-tx slow, as for most of
its calls, libsecp256k1 wasn't actually needed).

This also brings in the new blinding support in libsecp256k1. By passing in a random
seed, temporary variables during the elliptic curve computations are altered, in such
a way that if an attacker does not know the blind, observing the internal operations
leaks less information about the keys used. This was implemented by Greg Maxwell.

Pagelocker is only needed for secure (usually wallet) operations, so don't make
the zero-after-free allocator depend on it.

Instead of manually tweaking the deterministic nonce post-generation,
pass the test case number in as extra entropy to RFC6979.

This was added a while ago for testing purposes, but was never intended to be
used. Remove it until upstream libsecp256k1 decides that verification is
stable/ready.