Support Pedersen commitment in decider

[winderica]

It is observed in https://eprint.iacr.org/2024/1436 that, thanks to CP-SNARKs, we can use Pedersen commitment in the decider without blowing up the size of decider circuits.

I already have a working implementation, but the code is messy, contains unsafe workarounds, and relies on forks of arkworks. Below I list several tasks that need to be completed before getting it merged into Sonobe:

• Port changes in the fork of arkworks/snark to upstream, which allows the constraint system to store witnesses that are being committed to.
• Port changes in the fork of arkworks/r1cs-std to upstream, which supports the creation of a committed variable in R1CS.
• Port changes in the fork of arkworks/groth16 to upstream, which modifies the original LegoGroth16 implementation and adds some minor improvements.
• Clean up the implementation and submit a PR!
• Update the docs

Also, CP-SNARKs may make it possible to support commitment schemes other than Pedersen and KZG in decider, although I don't have any concrete idea yet.