fix: avoid panic on hardened derivation paths in PSBT key origins #458

Open
tnull wants to merge 1 commit into bitcoindevkit:master from tnull:2026-04-fix-psbt-hardened-panic

Contributor

@tnull tnull commented Apr 24, 2026

Description

The verify_key closure in derive_from_psbt_key_origins called .expect() on xpub.derive_pub(), which panics when the derivation path contains hardened steps. Since PSBT data is untrusted, a maliciously crafted bip32_derivation entry with hardened steps could crash the application.

Replace the panic with graceful error handling by returning false on derivation failure.

Checklists

All Submissions:

Bugfixes:

  • This pull request breaks the existing API
  • I've added tests to reproduce the issue which are now passing
  • I'm linking the issue being fixed by this PR

The verify_key closure in derive_from_psbt_key_origins called
.expect() on xpub.derive_pub(), which panics when the derivation
path contains hardened steps. Since PSBT data is untrusted, a
maliciously crafted bip32_derivation entry with hardened steps could
crash the application.

Replace the panic with graceful error handling by returning false
on derivation failure.

Co-Authored-By: HAL 9000
Signed-off-by: Elias Rohrer <dev@tnull.de>
@tnull tnull requested a review from ValuedMammal as a code owner April 24, 2026 07:51
@tnull tnull force-pushed the 2026-04-fix-psbt-hardened-panic branch from 36867f6 to 507f08a Compare April 24, 2026 07:51
@tnull tnull requested a review from oleonardolima as a code owner April 24, 2026 07:51
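
The failure mode named in the description, as an added std-only Rust sketch (not code from this PR, BDK or rust-bitcoin). `Xpub`, `derive_pub`, `verify_key_panicking` and `verify_key_graceful` are simplified, hypothetical stand-ins, and the child-key mixing is a toy rather than BIP32 math.

```rust
// Added illustration: std-only stand-ins, not BDK or rust-bitcoin code.
// The child-key "math" is a toy mixing step, not real BIP32 derivation.
use std::panic;

const HARDENED_BIT: u32 = 1 << 31; // BIP32: indexes >= 2^31 are hardened

#[derive(Debug, PartialEq)]
enum DeriveError { CannotDeriveFromHardenedKey }

#[derive(Clone, Copy, Debug, PartialEq)]
struct Xpub(u64);

impl Xpub {
    // Public derivation only works for normal steps: a hardened child
    // needs the parent private key, which an xpub does not carry.
    fn derive_pub(&self, path: &[u32]) -> Result<Xpub, DeriveError> {
        path.iter().try_fold(*self, |key, &index| {
            if index & HARDENED_BIT != 0 {
                Err(DeriveError::CannotDeriveFromHardenedKey)
            } else {
                Ok(Xpub(key.0.rotate_left(7) ^ u64::from(index)))
            }
        })
    }
}

// Pre-fix shape: an error on an untrusted path aborts the caller.
fn verify_key_panicking(xpub: &Xpub, path: &[u32], claimed: &Xpub) -> bool {
    xpub.derive_pub(path).expect("path has no hardened steps") == *claimed
}

// Post-fix shape: a derivation failure just means "not our key".
fn verify_key_graceful(xpub: &Xpub, path: &[u32], claimed: &Xpub) -> bool {
    xpub.derive_pub(path).map_or(false, |derived| derived == *claimed)
}

// Runs `f` and reports whether it panicked.
fn panics<F: FnOnce() -> bool + panic::UnwindSafe>(f: F) -> bool {
    panic::catch_unwind(f).is_err()
}

fn main() {
    let xpub = Xpub(0x1234_5678_9abc_def0);
    let normal = [0, 5];
    let hardened = [0, 5 | HARDENED_BIT]; // constructed key-origin path
    let child = xpub.derive_pub(&normal).unwrap();
    println!("normal path verifies: {}", verify_key_graceful(&xpub, &normal, &child));
    println!("hardened path accepted: {}", verify_key_graceful(&xpub, &hardened, &child));
    println!("old shape panics: {}", panics(|| verify_key_panicking(&xpub, &hardened, &child)));
}
```
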
codecov Bot commented Apr 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.24%. Comparing base (fb7681a) to head (507f08a).
⚠️ Report is 16 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #458      +/-   ##
==========================================
+ Coverage   80.04%   80.24%   +0.20%     
==========================================
  Files          24       24              
  Lines        5336     5346      +10     
  Branches      242      242              
==========================================
+ Hits         4271     4290      +19     
+ Misses        987      979       -8     
+ Partials       78       77       -1     
Flag Coverage Δ
rust 80.24% <100.00%> (+0.20%) ⬆️
