Public key recovery for EC leaves in P2MR (BIP-360)

Neat idea, basically taproot but with a hash. Yeah that could be an option, but like @sipa points out, it would only be quantum-secure before the first spend.

This would essentially be trading standalone PQ safety for 32 bytes more efficient EC spending prior to Q-day. Arguably safer than P2TRv2 because at least it’s safe if you stand perfectly still, but not actually usable after Q-day until EC spending is disabled by a soft-fork.

Could be an interesting compromise between P2MR and P2TRv2?