feat: implement BLS signature verification (minimal public key)

[ivokub]

Description

This PR implements a variant of BLS signature verification (minimal public key). For this, we have implemented also:

• message expansion
• added BlockSize to binary hasher interface
• implemented encode-to-g1, encode-to-g2, encode-to-g1, encode-to-g2

This PR takes #1447 and #1040 and Consensys/gnark-crypto#674, implementing Map/Hash to G2 over BLS12-381.

There is still some optimizations being done (bytes to emulated element conversion). But this is done during my refactor of #1489 later. And I'll then update the implementation here.

Thanks @weijiguo for the initial PR!

After this is merged, we can close #1040.

Type of change

• New feature (non-breaking change which adds functionality)

How has this been tested?

• TestAddG2FailureCaseTestSolve
• TestAddG2UnifiedTestSolveAdd
• TestAddG2UnifiedTestSolveDbl
• TestAddG2UnifiedTestSolveEdgeCases
• TestEncodeToG1
• TestHashToG1
• TestEncodeToG2
• TestHashToG2
• TestExpandMsgXmd
• TestMinimalPublicKeyTestSolve

How has this been benchmarked?

Checklist:

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• I did not modify files generated from templates
• golangci-lint does not output errors locally
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

[ivokub]

@yelhousni - I think we're good with it. I have added compatibility tests with Ethereum BLS signature implementation. I think having signature generation in gnark-crypto is nice-to-have, but it requires a bit of thought how to implement nicely (with prehashed messages and configuration).

And G1 variant doesn't seem to be much used, we can always add it if anyone asks, but there is lack of test vectors.