It would be a real pain to get these through grinding, but we can do a
cheat by specifying an arbitrary DER signature and then using recovery to
get the required public key that makes it valid. This only works if the public
key is in scriptSig, so these aren't exactly secure locking scripts.
This adds a test before/after Schnorr flag activation showing that the same
valid 64-byte ECDSA signature gets rejected upon activation. Also tests 63/65
bytes. We knew how to do this before the upgrade of course (credit to Florian
for pointing out the mechanism), but didn't want to give people any ideas that
would spoil retroactivity.
This will come in handy for multisignature tests.
For fun, a test is included that uses ECDSA's quirky wrapped r value; this
can only occur for r <= 0x14551231950b75fc4402da1722fc9baed so it is basically
impossible to happen in normal spends.