[ HumanjavaEnterprises/nostr-nsec-seedphrase ] fix: memory zeroing, Schnorr signatures, and 32-byte key derivation

HIGH fixes:
- Zero Uint8Array buffers containing entropy/private key bytes after use
  (.fill(0) on all intermediate key material in 4 files)
- Replace ECDSA secp256k1.sign/verify with schnorr.sign/verify (NIP-01
  requires BIP-340 Schnorr signatures, not ECDSA)
- Hash 16-byte mnemonic entropy to 32 bytes via SHA-256 in core/keys.ts
  (was returning raw entropy as private key — invalid for secp256k1)

https://github.com/HumanjavaEnterprises/nostr-nsec-seedphrase/commit/033eae710a760e987b8ac172e894d87f79d519f4