dealer::shard sanity check fails every once in a while

[cyphar]

I've run into two cases of failures in safety-checking code, leading me to wonder whether the logic is sound.

• The sanity check in Dealer::shard that checks whether the evaluated polynomial equals x failed once with thread '<unnamed>' panicked at 'assertion failed: self.threshold == 1 || y != poly.constant()', pkg/paperback-core/src/shamir/dealer.rs:111:17. I guess it is possible for the polynomial to equal the secret at a random x value, but we still should avoid allowing that even if an attacker couldn't know whether that was the case. Maybe we should handle it better? Dealer::next_shard should probably re-try at a different x value rather than crashing the program.
• In CI, the test for limited_recover_fail failed because it seems one of the polynomials returned the same value for a random x value. thread 'shamir::dealer::test::limited_recover_fail' panicked at '[quickcheck] TEST FAILED. Arguments: (9, [30], [GfElem(4011157905), GfElem(1345881083)])', /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/quickcheck-1.0.3/src/tester.rs:165:28 Moved to quickcheck limited_recover_fail failure? #93.

Maybe we need to reconsider if these properties are actually guaranteed or just very unlikely to happen (probably the latter) and how we should protect against them without using asserts.

[cyphar]

The first issue was fixed by 359c443.