Description
Currently, zcash_protocol only parses consensus branch IDs that it knows about, for security. However, this has the side effect that if you haven't updated your Rust libraries ahead of a NU activation on mainnet, you can't create signatures. This was less of an issue in the past because the shielded signers all updated very quickly (either being the zcashd wallet, or a mobile wallet based on the mobile SDKs), and the transparent signers used their own sighash algorithms without this limitation. However, now we have more wallet implementations using the Rust crates, and so there are more stacks whose third-party maintainers can forget to update their crates.
We should consider a "BYO branch ID" mode, where the caller can pass in a consensus branch ID obtained from another source (e.g. a lightwalletd server) to use. This is explicitly less secure, as the entire point of a consensus branch ID changing is to protect against various user failure modes and also mark consensus rule changes, but for some kinds of updates (e.g. NU 6.1) it would enable a workaround that doesn't require doing consensus rule updates.
Making this a bit trickier, Transaction parses with consensus::BranchId, so it would also fail without a BYO mode; we need to decide where the flexibility should be permitted, and how it is guarded.
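A sketch of what the guarded "BYO branch ID" split could look like, as an added example that is not zcash_protocol's own code: `BranchPolicy`, `SigningBranch` and `txid_personalization` are hypothetical names; the strict parser keeps today's behaviour, the external path is off by default, and the only thing the signer derives from an external value is the ZIP 244 domain separator (branch ID constants are the mainnet values from the respective ZIPs).

```rust
/// Branch IDs this build knows about (mainnet values from the ZIPs).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum BranchId { Canopy, Nu5, Nu6 }

impl BranchId {
    /// Strict parse: the current behaviour, unknown IDs are rejected.
    pub fn try_from_u32(raw: u32) -> Result<Self, u32> {
        match raw {
            0xe9ff_75a6 => Ok(BranchId::Canopy),
            0xc2d6_d0b4 => Ok(BranchId::Nu5),
            0xc8e7_1055 => Ok(BranchId::Nu6),
            unknown => Err(unknown),
        }
    }
}

/// Branch ID a signer may use. `External` is the hypothetical "bring your own"
/// case: the raw value came from outside the build (e.g. a lightwalletd
/// server), so only the sighash domain separator is derived from it.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SigningBranch { Known(BranchId, u32), External(u32) }

/// Guard for BYO mode (hypothetical): off unless the caller explicitly opts in.
pub struct BranchPolicy { pub allow_external: bool }

impl BranchPolicy {
    pub fn resolve(&self, raw: u32) -> Result<SigningBranch, u32> {
        match BranchId::try_from_u32(raw) {
            Ok(id) => Ok(SigningBranch::Known(id, raw)),
            Err(unknown) if self.allow_external => Ok(SigningBranch::External(unknown)),
            Err(unknown) => Err(unknown),
        }
    }
}

impl SigningBranch {
    pub fn raw(self) -> u32 {
        match self { SigningBranch::Known(_, raw) | SigningBranch::External(raw) => raw }
    }
}

/// ZIP 244 personalization for the transaction digest: "ZcashTxHash_"
/// followed by the branch ID as four little-endian bytes. This is the only
/// point at which the signer consumes a BYO value.
pub fn txid_personalization(branch: SigningBranch) -> [u8; 16] {
    let mut out = [0u8; 16];
    out[..12].copy_from_slice(b"ZcashTxHash_");
    out[12..].copy_from_slice(&branch.raw().to_le_bytes());
    out
}
```

Keeping the external variant distinct in the type means any code that needs real consensus-rule knowledge (as opposed to just a domain separator) can refuse `External` at compile time rather than silently treating it as a known upgrade.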