
[secp256k1] Change SHA256 byte counter from size_t to uint64_t
ClosedPublic

Authored by PiRK on Tue, Feb 10, 12:17.

Details

Summary

This prevents the SHA256 implementation from producing wrong paddings
and thus wrong digests for messages of length >= 2^32 bytes on 32-bit
platforms.

This is not exploitable in any way since the SHA256 API is an internal
API and we never call it with messages that long.

Add test vector for very long SHA256 messages

The vector has been taken from https://www.di-mgt.com.au/sha_testvectors.html.
It can be independently verified using the following Python code.

import hashlib

# Feed one million 'a' bytes, one byte per update() call
h = hashlib.sha256()
for i in range(1_000_000):
    h.update(b'a')
print(h.hexdigest())

Add SHA256 bit counter tests

This is a backport of secp256k1#731

Test Plan

ninja check-secp256k1
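
An added illustration of the failure mode the summary describes (not code from this revision or from libsecp256k1): it models only the byte counter and the padding bookkeeping, with uint32_t standing in for size_t on a 32-bit platform. The function names, the chunk size and the sample length are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define CHUNK ((uint64_t)1 << 20) /* bytes per simulated write call (assumed) */

/* Pad bytes (0x80 then zeros) written before the 8-byte length field. */
static unsigned pad_len(uint64_t bytes) {
    return 1 + ((119 - (unsigned)(bytes % 64)) % 64);
}

/* Bit length the padding would encode when the byte counter is 32 bits wide
 * (uint32_t stands in for size_t on a 32-bit platform). */
static uint64_t encoded_bits_narrow(uint64_t total, unsigned *pad) {
    uint32_t bytes = 0;
    while (total > 0) {
        uint64_t n = total < CHUNK ? total : CHUNK;
        bytes += (uint32_t)n; /* wraps modulo 2^32 */
        total -= n;
    }
    *pad = pad_len(bytes);
    return (uint64_t)bytes << 3;
}

/* Same bookkeeping with a uint64_t byte counter. */
static uint64_t encoded_bits_wide(uint64_t total, unsigned *pad) {
    uint64_t bytes = 0;
    while (total > 0) {
        uint64_t n = total < CHUNK ? total : CHUNK;
        bytes += n;
        total -= n;
    }
    *pad = pad_len(bytes);
    return bytes << 3;
}

int main(void) {
    uint64_t total = ((uint64_t)1 << 32) + 5; /* constructed message length */
    unsigned p32, p64;
    uint64_t b32 = encoded_bits_narrow(total, &p32);
    uint64_t b64 = encoded_bits_wide(total, &p64);
    printf("32-bit counter: pad=%u bits=0x%016llx\n", p32, (unsigned long long)b32);
    printf("64-bit counter: pad=%u bits=0x%016llx\n", p64, (unsigned long long)b64);
    return 0;
}
```

In this model the count of pad bytes is the same for both counters, because 2^32 is a multiple of the 64-byte block size; only the encoded bit length differs, and with the narrow counter it equals the value a 5-byte message would encode.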

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

PiRK requested review of this revision. Tue, Feb 10, 12:17
Fabien added a subscriber: Fabien.
Fabien added inline comments.
src/secp256k1/src/hash_impl.h
157 ↗(On Diff #58245)

this took me way too long to understand...

This revision is now accepted and ready to land. Tue, Feb 10, 13:07