Prevent a node from passing C4 verification with expected_commitments that do not match the message commitments it committed to in C3. This requires caching C3 commitments per sender and comparing when C4 proofs are verified.
Tasks:
- In `ShareVerificationActor`, add a per-`(e3_id, kind)` cache (e.g. `verified_signals_cache` or similar) that stores, for honest parties:
  - After ShareProofs (C2/C3) round: for each sender, the list of C3 `expected_message_commitment` values (with a well-defined order matching C4’s matrix, using the mapping from Issue 2).
- When `VerificationKind::DecryptionProofs` completes:
  - For each sender, parse C4’s `expected_commitments` from public signals (prefix; return value is last field — see Issue 1).
  - Using the index mapping from Issue 2, compare the slice of C4 `expected_commitments` that corresponds to that sender’s C3 commitments to the cached C3 values.
  - On mismatch: mark sender dishonest and emit `SignedProofFailed` / `ProofVerificationFailed` for the failing C4 signed payload.
- Ensure cache is keyed by `e3_id` (and cleared or scoped so it does not leak across E3 runs).
Acceptance criteria:
- C4 proof with `expected_commitments` inconsistent with previously verified C3 commitments causes sender to be marked dishonest and the C4 payload to be reported.
- Test: two proofs (C3 and C4) with intentionally mismatched commitments; verifier marks sender dishonest.
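
A sketch of the cache-and-compare step described in the tasks, added here as an illustration and not taken from the project's code. The type names, `C3Cache`, `C4Check`, the 32-byte signal representation and the `offset` parameter (standing in for the Issue 2 index mapping, which is not shown on this page) are all assumptions.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for the project's types (assumptions for this example).
type E3Id = u64;
type Sender = u32;
type Commitment = [u8; 32];

#[derive(Debug, PartialEq)]
pub enum C4Check { Consistent, Mismatch, NoCachedC3, Malformed }

#[derive(Default)]
pub struct C3Cache { by_e3: HashMap<E3Id, HashMap<Sender, Vec<Commitment>>> }

impl C3Cache {
    /// Store a sender's C3 commitments once its C3 proof has verified.
    pub fn record_c3(&mut self, e3: E3Id, sender: Sender, c3: Vec<Commitment>) {
        self.by_e3.entry(e3).or_default().insert(sender, c3);
    }

    /// `signals`: C4 public signals, expected_commitments first, return value last.
    /// `offset`: start of the slice to compare (assumed result of the Issue 2 mapping).
    pub fn check_c4(&self, e3: E3Id, sender: Sender, signals: &[Commitment], offset: usize) -> C4Check {
        let cached = match self.by_e3.get(&e3).and_then(|m| m.get(&sender)) {
            Some(c) => c,
            None => return C4Check::NoCachedC3, // never accept C4 without a verified C3
        };
        // Strip the trailing return value; only the prefix holds commitments.
        let expected = match signals.split_last() {
            Some((_ret, prefix)) => prefix,
            None => return C4Check::Malformed,
        };
        let end = offset.checked_add(cached.len());
        match end.and_then(|e| expected.get(offset..e)) {
            Some(slice) if slice == cached.as_slice() => C4Check::Consistent,
            Some(_) => C4Check::Mismatch, // caller marks sender dishonest, reports payload
            None => C4Check::Malformed,   // slice out of range: treat as a failed proof
        }
    }

    /// Drop everything for a finished E3 so nothing leaks into the next run.
    pub fn clear_e3(&mut self, e3: E3Id) { self.by_e3.remove(&e3); }
}

fn main() {
    let mut cache = C3Cache::default();
    cache.record_c3(1, 7, vec![[0xAA; 32], [0xBB; 32]]); // constructed values
    let c4 = [[0x00; 32], [0xAA; 32], [0xBB; 32], [0xFF; 32]]; // last = return value
    println!("{:?}", cache.check_c4(1, 7, &c4, 1));
}
```

Every result other than `Consistent` should be handled as a verification failure by the caller, so a sender cannot skip the check by omitting C3 or by supplying a short signal vector.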