feat: Implement `Transcript` abstraction for Poseidon

[adr1anh]

A full Fiat-Shamir transcript primitive is missing for native and corresponding circuit use cases. At the moment, we only have the RO trait which is essentially just a 1-round transcript.

We want the same interface as the existing ROTrait, but with the ability to perform multiple absorbs and squeezes to generate challenges over several rounds of incoming prover data.

• Small challenges are useful for reducing the cost of a scalar multiplication performed in the circuit. The CycleFold circuit is designed to support any sized scalar and the performance is independent of this size. Therefore, we do not need to decompose the challenge from the transcript output which costs an additional ~254 constraints and variables.
• A simple initial implementation could use the existing code for the RO trait. The transcript caches the previously squeezed challenge and prepends it to the next list of elements that are added to the transcript. In a more complex version, we would use neptune's IOPattern to define the exact sequence of absorbs and squeezes throughout the protocol.
• It seems like we can remove the num_absorbs parameter from RO::new() since it is only used by the squeeze function when initializing the Poseidon state. We can instead compute this from the size of the state.

[adr1anh]

Very rough implementation exists here.

Missing:

• Proper trait for into_field_iter()
• Handling different Commitment over E and Dual<E>
• Usage of SAFE API (deriving the fixed IO pattern could be tricky)
• Better handle on Poseidon arity (currently fixed to 24)
• Separate primary commitment hashing from constants