fix(keys): return secret bytes for single descriptor keys

[reez]

Description

DescriptorSecretKey::from_string() accepts both extended private keys and single private keys encoded as WIF.

secret_bytes() only handled the extended private key case and treated single keys as unreachable, which caused a panic when called with a valid WIF-derived DescriptorSecretKey.

This updates secret_bytes() to return bytes for single private keys directly, while preserving existing behavior for extended private keys. It also handles multipath extended private keys by returning the underlying xprv secret bytes.

Documentation

• bdk_wallet

  • bdk_wallet::keys documents DescriptorSecretKey as either a single private key or an xprv.

• bitcoin

  • bitcoin::PrivateKey covers WIF parsing and the underlying private key representation used for single-key bytes.

• Other:

  • miniscript::descriptor::DescriptorSecretKey is the upstream enum with Single, XPrv, and MultiXPrv variants.
  • secp256k1::SecretKey::secret_bytes is the upstream byte extraction method used for the returned secret bytes.

Changelog

Checklists

All Submissions:

• I've signed all my commits
• I followed the contribution guidelines
• I ran cargo fmt and cargo clippy before committing
• I've added exactly one changelog:* label
• I've linked the relevant upstream docs or specs above

New Features:

• I've added tests for the new feature
• I've added docs for the new feature

Bugfixes:

• This pull request breaks the existing API
• I've added tests to reproduce the issue which are now passing
• I'm linking the issue being fixed by this PR