Explicitly Describe Adaptor Point Computation

[nkohen]

It appears that the current specification, we do have a description of adaptor point computation

Given public key `P` and nonces `R1, ..., Rn` we can compute `n` individual signature points for
a given event `(d1, ..., dn)` in the usual way: `si * G = Ri + H(P, Ri, di)*P`.

(and its updated non-BIP340 version on the PR that updates things)

But, this is in the CETCompression specification in a section describing how we handle the "special case" where there is more than one nonce.

Nowhere is the "usual way: s*G = R + H(P, R, m)*P" included elsewhere in the specification such as in either the contract_info or oracle_announcement definitions or else maybe in the Protocol.md specification, and this should probably be included in one of those places.

[nkohen]

On further thought, computing adaptor points deserves its own short document which will take out the relevant section from CETCompression.md and put that after an earlier section for enum outcomes and follow it with a small section on multi-oracle aggregation (likely taken out of that doc).

I'll be opening a PR for this soon

[nkohen]

This document should also explicitly specify an order for the computed adaptor points which is then used as the order for cet_adaptor_signatures in the accept and sign messages.