feat: WIP-103 make nonce part of the authenticator sig

[paolodamico]

Changes

1. Updates the WIP-103 circuit to include the nonce in the message signature.
2. Reverts Noir circuit compilation to execute automatically on build script.

Motivation

1. Without including the nonce in the signature, a single signature can be replayed and long lived which presents a security risk.
2. This allows testing circuit updates progressively and removes a trust anchor (the circuit artifacts being legitimate). Furthermore, circuit artifacts are generated files, it makes sense for them to be compiled at build time.

Notes

ACIR opcodes increased from 25730 to 26059

---

Note

High Risk
Changes WIP-103 cryptographic binding and proof generation semantics (breaking for any party still using the old signature message), and makes ownership-proof builds depend on a pinned nargo toolchain instead of trusted prebuilt artifacts.

Overview
WIP-103 ownership proof now ties the authenticator EdDSA signature to the verifier’s nonce: signing and circuit verification use Poseidon2(b"WIP103", expected_commitment, nonce) instead of signing the bare sub/commitment. The Noir circuit separates commitment (H_CS(leafIndex, blinder)) from the signed message, exposes the commitment as the proved public output, and documents the change in wip-103.md.

Authenticator and tests (prove_credential_sub, proof crate fixtures) hash with DS_OWNERSHIP_PROOF before signing so prover, authenticator, and spec stay aligned.

Build and release tooling drops committed/downloaded Noir ownership_proof.pkp/pkv from circuit artifact releases and removes tools/generate-noir-artifacts and just build-noir-artifacts. With zk-ownership-prove / zk-ownership-verify, crates/proof/build.rs runs nargo compile and provekit to emit keys into OUT_DIR (requires nargo v1.0.0-beta.11).

^{Reviewed by Cursor Bugbot for commit 03a679a. Bugbot is set up for automated code reviews on this repo. Configure here.}