Uncommitted private shares are still summed into the DKG secret, producing an invalid group key

Both v1 and v2 compute_secret() implementations warn on missing commitments but still sum those shares, so a signer can end up with a private key that does not match the group public key. All signatures produced from that DKG round fail verification