Prevent secp256k1@4.x from mutating internal values

[alcuadrado]

Hi,

We discovered a small bug in this library when integrating it into ethereumjs-wallet. You can read more about it here: https://github.com/ethereumjs/ethereumjs-wallet/pull/127

The problem was that secp256k1 v4 mutates some values in place. v3 didn't. When upgrading this library, these method calls weren't updated so deriving a child key was sometimes modifying the private/public keys.

This PR fixes this bug, and adds some tests to prevent it from happening again.

[junderw]

after publishing v2.0.1, I would consider depublishing v2.0.0 even...

[junderw]

@jprichardson @RyanZim

[alcuadrado]

I think there's a small window of time to unpublish a version, which probably has closed. I think npm does exceptions if you contact their support channels though.

[RyanZim]

Published in 2.0.1

[RyanZim]

Deprecated hdkey v2.0.0, anyone attempting to install it (even as a sub-dependency) will get this logged in the console:

npm WARN deprecated hdkey@2.0.0: Serious bug in hdkey v2.0.0; please use v2.0.1 or later. See https://github.com/cryptocoinjs/hdkey/pull/39 for details