engine_forkchoiceUpdatedV2/V3 inappropriately validate terminal PoW block conditions

[tersec]

https://github.com/ethereum/execution-apis/blob/v1.0.0-beta.4/src/engine/shanghai.md#specification-1

1. Client software MAY NOT validate terminal PoW block conditions in the following places:
   • during payload validation (point (2) in the Payload validation routine specification),
   • when updating the forkchoice state (point (3) in the engine_forkchoiceUpdatedV1 method specification).

but

nimbus-eth1/nimbus/beacon/api_handler/api_forkchoice.nim

Lines 103 to 128 in bda760f

	# Block is known locally, just sanity check that the beacon client does not
	# attempt to push us back to before the merge.
	let blockNumber = header.blockNumber.truncate(uint64)
	if header.difficulty > 0.u256 or blockNumber == 0'u64:
	var
	td, ptd: DifficultyInt
	ttd = com.ttd.get(high(common.BlockNumber))
	if not db.getTd(blockHash, td) or (blockNumber > 0'u64 and not db.getTd(header.parentHash, ptd)):
	error "TDs unavailable for TTD check",
	number = blockNumber,
	hash = blockHash.short,
	td = td,
	parent = header.parentHash.short,
	ptd = ptd
	return simpleFCU(PayloadExecutionStatus.invalid, "TDs unavailable for TDD check")
	if td < ttd or (blockNumber > 0'u64 and ptd > ttd):
	notice "Refusing beacon update to pre-merge",
	number = blockNumber,
	hash = blockHash.short,
	diff = header.difficulty,
	ptd = ptd,
	ttd = ttd
	return invalidFCU("Refusing beacon update to pre-merge")

runs regardless of which forkchoiceUpdated is called, even though that check should only be run for engine_forkchoiceUpdatedV1.