rangeproof: fix Jonas' bug

Copied some more logic from the 2015-era code.

src/modules/rangeproof/rangeproof_impl.h

@@ -113,7 +113,7 @@ static int secp256k1_rangeproof_header_set_for_value(
     secp256k1_rangeproof_header* header,
     uint64_t* proven_value,
     const uint64_t min_value,
-    const uint64_t min_bits,
+    uint64_t min_bits,
     const int exp,
     const uint64_t value
 ) {
@@ -149,9 +149,17 @@ static int secp256k1_rangeproof_header_set_for_value(
          */
         header->exp = 0;
     }
+    /* Reduce min_bits to keep within a uint64_t's range (essentially copied from 2015 code) */
+    {
+        const unsigned int max_bits = min_value ? secp256k1_clz64_var(min_value) : 64;
+        if (min_bits > max_bits) {
+            header->mantissa = max_bits;
+            min_bits = max_bits;
+        }
+    }
     {
         /* If the user has asked for more bits of proof then there is room for in the exponent, reduce the exponent. */
-        uint64_t max = min_bits ? (UINT64_MAX >> (64 - min_bits)) : 0;
+        uint64_t max = min_bits ? (UINT64_MAX >> (64 - header->mantissa)) : 0;
         int i;
         for (i = 0; i < header->exp && max <= UINT64_MAX / 10; i++) {
             max *= 10;