document and implement byte-accurate public_signals parsing for circuit chaining

[0xjei]

As part of cross-circuit consistency checks (C0→C7 chaining), we need reliable parsing of public_signals for each circuit so we can compare commitments across verification rounds.

Tasks:

• Document the exact byte layout (field indices, array flattening order) for:
  • C0 (Pk): single public Field (commitment) — see circuits/bin/dkg/pk/src/main.nr
  • C1 (PkGeneration): 3 public fields at the end (sk_commitment, pk_commitment, e_sm_commitment) — see circuits/bin/threshold/pk_generation/src/main.nr and crates/zk-prover/tests/local_e2e_tests.rs (extract_field_from_end)
  • C3 (ShareEncryption): expected_pk_commitment (field 0), expected_message_commitment (field 1), then ct0is/ct1is — see circuits/bin/dkg/share_encryption/src/main.nr
  • C4 (DkgShareDecryption): expected_commitments[[Field; L_THRESHOLD]; H] as prefix, return value as last field — see circuits/bin/dkg/share_decryption/src/main.nr
  • C5 (PkAggregation): expected_threshold_pk_commitments array — see crates/zk-prover/tests/local_e2e_tests.rs (extract_field)
  • C6 (ThresholdShareDecryption): expected_sk_commitment (field 0), expected_e_sm_commitment (field 1) — see circuits/bin/threshold/share_decryption/src/main.nr
• Implement small parser helpers (e.g. in zk-prover or a shared module) that take &[u8] (or ArcBytes) and return the relevant commitment(s) with clear panic/Result on length mismatch.
• Add unit tests that assert offsets and sizes against the Noir circuit main.nr signatures.

Acceptance criteria:

• Documented layout for each circuit in code comments or a small doc module.
• Parsers used by subsequent cross-circuit check issues (C0→C3, C3→C4, C4→C6, C1→C5).
• No change to Noir circuits or proof generation.