light client verification integration test

[redshiftzero]

An important test we should start running here in CI is checking that we don't break the light client verification done in the browser extension. Without testing this continuously, we run the risk of breaking the client verification logic, and that silent failure would hit end users of the browser extension. As a concrete example, if we somehow munged the Merkle proof on /canonical/leaves of the felidae query API, nothing in CI would fail here, but users would be unable to update their lists.

We should either:

1. Run the client verification logic from the browser extension (Typescript, better)
2. Run a Rust implementation of the client verification logic (easier, but not as good as 1, but probably good as a stopgap)

See this folder for how light client data is generated: https://github.com/freedomofpress/webcat-infra-chain/tree/main/test_data

For 2, there is a starting point in cargo run --bin felidae-publish -- --query-url http://localhost:8081 reconstruct which I initially wrote as a reference implementation, but some APIs have changed since then so the next steps would be:

1. Fix up that implementation (the main thing seems to be that we need to prepare_commit prior to commit)
2. Cross-check we are doing everything the browser extension does (see here for the starting point: https://github.com/freedomofpress/webcat/blob/main/extension/src/webcat/update.ts#L134)