feat: implement vsss

[sander2]

With a start on the docs based on #81.

A working test is available in examples/groth16_cut_and_choose_vsss.rs.

There is currently a lot of code duplication with the sp1 soldering approach. They should probably be unified in a tidier way, but I wanted to focus on getting this work before. Also some of the code & docs needs some general clean up. For example, I want to move some of the code out of the example into the evaluator impl.

One more small note: this implements vsss but not yet the adaptor sigs. Meaning it sends over the wide labels directly from the garbler to the evaluator instead of encoding to and decoding them from adaptor sigs. That's still todo, but should be straightforward since the low level code for that is already implemented and it doesn't need major protocol overhauls.

General notes:

• using blake3 xof hashing for the wide garbling tables, without any kind of salt. Not sure if this secure enough.
• the vsss is using sequential code - would be good to parallelize
• my changes were based on the implementation of a week ago. Since then, some of the functionality has changed, creating a discrepency between similarly named function. E.g. run_regarbling_vsss vs run_regarbling are now functionally quite different

[sander2]

Included via #88