feat: add Groth16+BSB22 backend #427
Open
rose2221 wants to merge 18 commits into
a44357d to 655a725
CSP benchmarks
Prover time, peak RSS, peak heap, and verifier time are arithmetic means across the iterations. Peak heap comes from the largest
Each metric cell shows the current value followed by the percentage delta against the latest successful
WHIR backend
Results
Groth16 backend
Results
- Added prover implementation in to generate Groth16+BSB22 proofs from R1CS and witness.
- Introduced setup functionality in to create ProvingKey and VerifyingKey from R1CS, including toxic waste management.
- Defined core types in for Proof, ProvingKey, and VerifyingKey, following DIZK notation.
- Implemented verifier logic in to validate proofs against the verifying key, including BSB22 commitment verification.
- Added utility functions for hashing and commitment challenge derivation.
- Included tests for hashing and setup with trivial R1CS to ensure correctness.

- Incremented PROVER_VERSION to 1.3 and VERIFIER_VERSION to 1.4 in binary_format.rs.
- Added Groth16 prover struct and integrated it into the Prover enum.
- Enhanced NoirProof to include Groth16 variant with public inputs and proof data.
- Implemented Groth16 proving logic in the Prove trait for Groth16Prover.
- Updated Verifier to handle Groth16 proofs and added serialization for VerifyingKey.
- Modified CLI commands to support Groth16 backend for preparing proofs.
- Adjusted tests and examples to accommodate changes in proof handling.

…upport
- Updated the setup function to accept multiple challenges per commitment, allowing for more flexible challenge generation.
- Modified the Proof struct to include validation checks for proof elements on the curve and in the correct subgroup.
- Improved the verifier to handle multiple challenges derived from a single commitment, ensuring proper serialization and verification.
- Refactored the Prover implementation to streamline the commitment process, utilizing a single Pedersen commitment for multiple challenges.
- Enhanced error handling and logging throughout the setup and verification processes for better debugging and traceability.

- Move Prover/Groth16Prover/Groth16CommitmentInfo from provekit-common to a new provekit_prover::prover_types, breaking the dep cycle that kept the Groth16 PK stored as raw Vec<u8> rather than a typed ProvingKey.
- Add provekit_prover::pkp_io with split-section .pkp v1.4 layout: header + single zstd stream of postcard-encoded metadata followed by raw arkworks-encoded ProvingKey bytes. Streaming postcard reader feeds directly off the zstd Decoder; no decompressed Vec<u8> is materialised.
- Switch .pkp compression from xz to zstd (~2.5x faster reads, +4% size).
- Custom Serde adapter on provekit_groth16::ProvingKey emits/decodes a zero-byte placeholder so the typed PK rides through serde transparently while its actual bytes live in the appended section.
- Split groth16::prover::prove into bsb22_pok / prove_ar_bs_bs1 / prove_krs so the outer prove_with_witness can run compute_h in parallel with the H-independent stages via rayon::join.
- Inside prove_ar_bs_bs1 run the three MSMs sequentially: arkworks MSM is already rayon-parallel internally, so concurrent calls only stack bucket allocators without speeding up wall clock.
- Chunk Pedersen commit/PoK MSMs (100k-element chunks) to cap arkworks' per-call transient state.
- Destructure the typed PK in prove_with_witness and drop each base vector immediately after its MSM finishes; drop program / witness_generator after public-input extraction.

Measured on complete_age_check (~1M wires, 636k constraints):
  peak memory: 1.51 GB -> 789 MB (-48%)
  end-to-end: 3.84 s -> 2.87 s (-25%)

… output structure
…ts; clarify wire index conventions and Krs validation
- Introduced for a borrowed view over bases, allowing for polymorphic access to either owned or mmap'd bases without runtime overhead.
- Updated to use instead of directly, enhancing memory efficiency.
- Added module for mmap-backed file I/O, providing a faster alternative to the legacy zstd format.
- Implemented and functions for handling mmap files, including necessary metadata and alignment.
- Updated to support both owned and mmap-backed proving keys, ensuring zero-byte serialization for compatibility.
- Enhanced command-line interface to allow users to specify mmap usage for Groth16 backends, improving load times at the cost of larger artifact sizes.

Adds an end-to-end Groth16 proving/verifying backend on BN254 with the BSB22 Pedersen-commitment extension, alongside the existing WHIR pipeline. Selectable at prepare time via --backend whir|groth16.