Original fix at cosmos/iavl#582, is simply:

```
if len(pin.Left) > 0 && len(pin.Right) > 0 {
	return nil, errors.New("both left and right child hashes are set")
}
```
Our iavl functions however don't return errors. Proposing to use
`panic()` instead, as it does in other parts of this file.

More about this 2022-10-07 vuln:

https://medium.com/@Beosin_com/how-did-the-bnb-chain-exploiter-pass-iavl-proof-verification-an-in-depth-analysis-by-beosin-c925b77bc13e
https://twitter.com/buchmanster/status/1578879225574350848

Won't compile yet.
Is a test of the iavl proof forgery as exploited during BSC 2022-10-07 hack.

Notes:
1. proof_forgery_test.go comes from cosmos/iavl#582
2. gist showing the same vuln at https://gist.github.com/samczsun/8635f49fac0ec66a5a61080835cae3db

The test is not going to compile as is, it needs some work.

…lnerable)

output follows

--- FAIL: TestProofForgery (0.00s)
    proof_forgery_test.go:69:
                Error Trace:    /home/bob/opt/src/COINS/Cosmos/GNO/gno/pkgs/iavl/proof_forgery_test.go:69
                Error:          Should be empty, but was [73 209 82 89 222 179 131 99 170 27 180 58 80 20 211 (...) 94 7 254 45 183 20 244]
                Test:           TestProofForgery
                Messages:       roothash must be empty if both left and right are set
FAIL
FAIL    command-line-arguments  0.003s
FAIL

and fails otherwise (fails when vuln not fixed)

It should now be ok for review.

applying @zikovicmilos suggestion