implement Nova's Offchain Decider (prover & verifier) for non-ethereum cases (#164)

The idea & motivation is that the [onchain
decider](https://privacy-scaling-explorations.github.io/sonobe-docs/design/nova-decider-onchain.html)
could still be used for non-onchain verification but the proving time is
big (eg. a little bit less than 3 minutes on my laptop) since the
circuit is big due the EVM constraints. Whereas with this new [offchain
decider](https://privacy-scaling-explorations.github.io/sonobe-docs/design/nova-decider-offchain.html)
we can generate the proofs much faster for the cases where it is not
required to verify the proofs in the EVM.

The code is mostly abstracted from any specifics of the current usage of
Groth16 & KZG10, with the idea that eventually in the future we can have
Spartan plugged in and use non-pairing-curves such as pallas&vesta. For
the current version it relies on KZG10 commitments.

The logic implemented in the code of this commit can be found at the updated
docs section 'offchain decider':
https://privacy-scaling-explorations.github.io/sonobe-docs/design/nova-decider-offchain.html

folding-schemes/Cargo.toml

@@ -41,6 +41,10 @@ ark-pallas = {version="0.4.0", features=["r1cs"]}
 ark-vesta = {version="0.4.0", features=["r1cs"]}
 ark-bn254 = {version="0.4.0", features=["r1cs"]}
 ark-grumpkin = {version="0.4.0", features=["r1cs"]}
+# Note: do not use the MNTx_298 curves in practice due security reasons, here
+# we only use them in the tests.
+ark-mnt4-298 = {version="0.4.0", features=["r1cs"]}
+ark-mnt6-298 = {version="0.4.0", features=["r1cs"]}
 rand = "0.8.5"
 tracing = { version = "0.1", default-features = false, features = [ "attributes" ] }
 tracing-subscriber = { version = "0.2" }