fix(consensus): Verify consensus branch ID in SIGHASH precomputation

[upbqdn]

Motivation

Close #9089.

Specifications & References

§ 4.10 SIGHASH Transaction Hashing

[NU5 only, pre-NU6] All transactions MUST use the NU5 consensus branch ID 0xF919A198 as defined in ZIP-252.

[NU6 only] All transactions MUST use the NU6 consensus branch ID 0xC8E71055 as defined in ZIP-253.

Solution

• Implement a check ensuring compliance with the consensus rules listed above. This check makes the tx SIGHASH precomputation panic if the tx contains an invalid value in its nConsensusBranchId field. This precomputation is implemented in zebra-chain, and is used by the tx verifier in zebra-consensus and by the transparent script verifier in zebra-script, but this verifier is only called from the tx verifier. It might be worth optimizing this, but that is currently not possible, as described in Compute the tx SIGHASH only once per tx verification #9165. The panic should never occur in regular use because the tx verifier implements another consensus branch ID check according to another consensus rule implemented here: https://github.com/zcashfoundation/zebra/blob/05a9b6171ccbc06bcc888470e4be8a60b1d574ef/zebra-consensus/src/transaction/check.rs#L513-L552, which takes effect early on and doesn't panic.
• Add new error types in zebra-chain.
• Pass NetworkUpgrade instead of ConsensusBranchId to the SIGHASH precomputation and tx conversion.
• Use TryFrom instead of ad-hoc functions for conversion.
• Remove a redundant TryFrom<&Transaction> for zcash_primitives::transaction::Transaction

Tests

• Add tests that check that tx verification fails when a tx attempts to use an invalid consensus branch id.

PR Author's Checklist

• The PR name will make sense to users.
• The PR provides a CHANGELOG summary.
• The solution is tested.
• The documentation is up to date.
• The PR has a priority label.

PR Reviewer's Checklist

• The PR Author's checklist is complete.
• The PR resolves the issue.