Missing sanity checks for "All spend paths must require a signature" in descriptor parsing

[erickcestari]

Embit is missing validation to ensure that all spend paths in parsed descriptors require a signature, allowing potentially unsafe descriptors to be accepted that should be rejected.

When parsing descriptors, embit should validate that all spend paths require a signature. Currently, embit accepts descriptors that don't meet this requirement, while other implementations like Rustminiscript and bitcoin core correctly reject them.

test case:
wsh(ripemd160(4c6119129493f40c5332f07efd0dfb3eae005424))