fix(crypto): harden cryptographic validation and security#6649

Closed
Federico2014 wants to merge 5 commits into tronprotocol:develop from Federico2014:feature/optimize_crypto

Conversation

@Federico2014
Collaborator

What does this PR do?

This PR hardens the security and robustness of cryptographic subsystems in java-tron across five areas:

  1. Remove unused topicsList from shielded TRC20 log APIs – eliminates a dead parameter that leaked internal state from the ScanShieldedTRC20NotesByIvk/Ovk HTTP endpoints and RPC services.
  2. Shielded transaction API security enhancement – tightens input validation and parameter handling in Wallet, ZenTransactionBuilder, ShieldedTRC20ParametersBuilder, and related servlets to prevent malformed or malicious inputs from reaching the ZK proof layer.
  3. SM2 robustness and deterministic signatures – rewrites SM2 and SM2Signer to enforce deterministic RFC 6979 nonce generation, validate curve points on deserialization, and reject weak or low-order keys.
  4. ECKey input validation – adds strict validation on public key coordinates, rejects infinity/low-order points, and enforces bounds on all deserialized key material.
  5. Signature and private key validation – hardens ECKey, Rsv, and SignUtils to reject out-of-range scalars, invalid recovery IDs, and malformed signature encodings before they reach the native crypto layer.

Why are these changes required?

These fixes address a class of signature malleability and input validation vulnerabilities where crafted inputs could bypass cryptographic checks, produce incorrect signatures, or expose internal data through API responses. Hardening these layers reduces the attack surface on both the node and its RPC/HTTP API surface.

This PR has been tested by:

  • Unit Tests (ECKeyTest, SM2KeyTest, ShieldedTRC20BuilderTest, WalletMockTest, ShieldedTransferActuatorTest, RpcApiServicesTest, ArgsTest)
  • Manual Testing

Follow up

Consider fuzzing the signature verification path with property-based tests.

Extra details

  • Removes sprout-verifying.key binary artifact from the repository root.
  • Proto: api.proto updated to remove deprecated topicsList fields from shielded scan responses.
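As an added illustration of the bounds checks the description lists (this is not java-tron code and uses no java-tron API), a stand-alone Python version of the validation a key/signature layer applies on secp256k1 before anything reaches native crypto: private scalar range, public-key coordinate and on-curve checks, (r, s, v) range and low-s checks, and an assumed 65-byte r||s||v encoding for the parser.

```python
from typing import Optional, Tuple

# Added example, not java-tron code: secp256k1 domain parameters, the curve
# java-tron's ECKey uses (P = field prime, N = group order, B = curve constant).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B = 7
# Constructed test vector: the generator point G, which is known to be on-curve.
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


def valid_private_key(d: int) -> bool:
    """A private scalar must lie in [1, n-1]; 0 and n give the point at infinity."""
    return 1 <= d < N


def valid_public_key(x: int, y: int) -> bool:
    """Affine coordinates must be field elements that satisfy y^2 = x^3 + 7.
    Infinity has no affine form, so it is rejected implicitly; secp256k1 has
    cofactor 1, so an on-curve point cannot be low-order."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + B)) % P == 0


def valid_signature(r: int, s: int, v: int, low_s: bool = True) -> bool:
    """r and s in [1, n-1], recovery id in {0,1,2,3}, and (by default) the
    low-s rule: (r, n-s) verifies exactly like (r, s), so insisting on the
    smaller of the two removes that malleable twin."""
    if not (1 <= r < N and 1 <= s < N):
        return False
    if v not in (0, 1, 2, 3):
        return False
    return not (low_s and s > N // 2)


def parse_and_validate_rsv(sig: bytes) -> Optional[Tuple[int, int, int]]:
    """Assumed layout (not java-tron's actual encoding): r(32) || s(32) || v(1),
    65 bytes total; returns the triple only if every field passes validation."""
    if len(sig) != 65:
        return None
    r = int.from_bytes(sig[:32], "big")
    s = int.from_bytes(sig[32:64], "big")
    v = sig[64]
    return (r, s, v) if valid_signature(r, s, v) else None
```

The low-s rule is what makes ECDSA signatures non-malleable at the encoding level; without it both (r, s) and (r, n-s) verify for the same message.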

Federico2014 changed the title from "fix(crypto): harden cryptographic validation and security in ECKey, SM2, and shielded APIs" to "fix(crypto): harden cryptographic validation and security" on Apr 7, 2026