Add check to make sure Baby Jubjub secret scalar is < l

[cedoor]

Description

The BabyPbk Circomlib's template needs a check on the input to make sure s (secret scalar defined here: https://www.rfc-editor.org/rfc/rfc8032.html#section-5.1.5) is < l (prime number of 251 bits defined here https://eips.ethereum.org/EIPS/eip-2494). This PR adds that check.

The secret scalar is generated outside circuits, with the @zk-kit/eddsa-poseidon package (deriveSecretScalar function), and according to the EdDSA standard it is derived from a private key hashed with sha-3. ZK-Kit is currently using blake1.

This PR is also related to https://github.com/privacy-scaling-explorations/zk-kit/issues/239, which aims to make sure the secret scalar is always < l.

Related Issue(s)

Fixes #744 Re https://github.com/privacy-scaling-explorations/zk-kit/issues/239

Other information

This bug was found by the Geometry team. More info in #744.

The SNARK artifacts need to be generated again after this PR.

Checklist

• [x] My code follows the style guidelines of this project
• [x] I have performed a self-review of my code
• [x] I have commented my code, particularly in hard-to-understand areas
• [x] I have made corresponding changes to the documentation
• [x] My changes generate no new warnings
• [x] I have run yarn prettier and yarn lint without getting any errors
• [x] I have added tests that prove my fix is effective or that my feature works
• [x] New and existing unit tests pass locally with my changes
• [x] Any dependent changes have been merged and published in downstream modules