feat: Ed25519 and Ed25519ph verification algorithm

[Avaneesh-axiom]

This PR adds to the ECC extension support for verifying EdDSA signatures over the Ed25519 curve. In particular, the Ed25519 and Ed25519ph (prehashed variant) from this RFC are supported.

A new module named eddsa was added to the ECC guest extension. The eddsa.rs file contains an implementation of EdDSA that is generic over the twisted Edwards curve, but is currently only instantiated (and tested) with the Ed25519 curve.

The Ed25519 and Ed25519ph verification algorithms are tested in the ECC integration tests. All the relevant test vectors from the RFC are used, as well as some randomly generated ones.

Note: Ed25519ph is not simply Ed25519 with the message first hashed with SHA-512. The subtlety is that there is a domain separator incorporated into the input to a hash. See the definition of dom2(F, C) here and its use here.

Depends on #1858 and #1829

[codspeed-hq]

CodSpeed WallTime Performance Report

Merging #1874 will not alter performance

_{Comparing feat/eddsa (b3288ab) with feat/new-execution (97eaf48)}

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

Summary

✅ 24 untouched benchmarks

[github-actions]

group	app.proof_time_ms	app.cycles	app.cells_used	leaf.proof_time_ms	leaf.cycles	leaf.cells_used
verify_fibair	1,241	322,676	17,270,914	-	-	-
fibonacci	2,322	1,500,277	50,589,231	-	-	-
regex	(+43 [+0.6%]) 6,997	4,165,432	166,449,586	-	-	-
ecrecover	(-35 [-2.5%]) 1,385	137,283	8,179,549	-	-	-
pairing	(+183 [+4.8%]) 3,986	1,862,964	102,530,853	-	-	-

Commit: b3288ab

Benchmark Workflow