stacks-network / sbtc

Repo containing sbtc
GNU General Public License v3.0

[Feature]: Missing contract check that aggregate public key is derived from signing keys #502

Open evonide opened 1 week ago

evonide commented 1 week ago

(Low) Missing contract check that aggregate public key is derived from signing keys

1. Description

In the bootstrap signers Clarity contract there is no check that the aggregate public key is derived from the signing keys. See also current version. It should be added to avoid incorrect and potentially breaking updates.

Note: Interestingly, this check is done in the signer code, although as evident from the comment it is not implemented yet.

djordon commented 1 week ago

Hmmm, I'm not sure if we can do that in Clarity.

djordon commented 1 week ago

I think the thing to do here is to remove the aggregate public key from the Clarity contract. The signers don't use it and have no plans to do so; removing it will simplify things all around.

Edit: The only place where the aggregate key is used is on the Bitcoin side, where we use the aggregate public key to secure the funds, but the signers will derive the aggregate key from the public keys in the signer set (well, after https://github.com/stacks-network/sbtc/issues/511).