k256: recoverable::Signature::recover_verify_key_from_digest_bytes

[tarcieri]

Adds a recover_verify_key_from_digest_bytes method which operates on a byte array that's allegedy the digest of the message used to produce a given signature.

Where *Verifier methods carry the risk of a signature forgery if they operate on something that's not a message digest (since this violates ROM under which ECDSA derives its security), there isn't a similar risk for public key recovery: the best an attacker can do is force recovery of a bogus key, and all recovered public keys are inherently untrusted until they can be validated against a key fingerprint. So this method doesn't have similar misuse concerns as signature verification.

[codecov-commenter]

Codecov Report

Merging #205 into master will decrease coverage by 0.03%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #205      +/-   ##
==========================================
- Coverage   58.70%   58.67%   -0.04%     
==========================================
  Files          25       25              
  Lines        3775     3777       +2     
==========================================
  Hits         2216     2216              
- Misses       1559     1561       +2     

Impacted Files	Coverage Δ
k256/src/ecdsa/recoverable.rs	59.74% <100.00%> (+1.07%)	⬆️
k256/src/arithmetic/scalar.rs	77.86% <0.00%> (-0.77%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0f02ba7...9aa3fd9. Read the comment docs.