privval: consensus should tell the privval whether to sign vote extensions

[cason]

Inspired by #3570 and similar issues reported regarding the behavior of the private validator (privval) when signing vote messages from v0.38.x.

Currently, the private validator receives from consensus the information of whether vote extensions are enabled or not. It is up to the private validator implementation to validate the semantics of vote extensions, thus to sign or reject the vote and the extension.

More precisely, the private validator is expected to:

1. Do not accept and sign extensions for Prevote votes
2. Do not accept and sign extensions for Precommit votes for nil
3. Produce a signature for a vote extensions for a Precommit for a value that is not nil, even if the vote extension is empty

We probably should simplify the logic at the private validator side and tell it explicitly whether to expect and sign the extension present in the vote.

[cason]

In reality, on main and also on v1.x we already have the behavior described in this issue, introduced by #2496. This was achieved by adding a boolean extensionsEnabled to the call/protobuf that is send to the private validator.

This same approach is not feasible in v0.38.x, as it would constitute a breaking change.

[cason]

However, as pointed out by @sergio-mena, #2496 has also potentially disabled some sanity checks that are relevant.

In particular, the private validator should error when it is asked to sign a Prevote or a Precommit for nil. These vote messages must not have an attached extension. This has to be reviewed.

[sergio-mena]

Thanks @cason , taking it from here