making the plonk verifier library external to the light client contract

[alysiahuggins]

Closes #1533

This PR:

In #999 (comment), we changed the visibility of verify() function in library PlonkVerifier from external to internal to placate OZ's defender script. However that includes the PlonkVerifier bytecode in the LightClient contract which makes the file large. Instead, we have changed the visibility to external again and followed the following steps to be able to deploy the upgradeable light client contract via open zeppelin

• deployed the PlonkVerifier contract via OpenZeppelin & a Safe Multisig wallet
• referenced the address of the deployed PlonkVerifier in the forge script deployment command when deploying the Light Client contract via OpenZeppelin & a Safe Multisig wallet
• removed openzeppelin related secrets into .env.contracts instead so that it can be gitignored since the existing .env file contains configuration variables that are not that secret

This PR does not:

• even though the PlonkVerifier contract is deployed via OpenZeppelin & a Safe Multisig wallet, it's not upgradeable and thus each time modifications are made to the PlonkVerifier contract, the Light Client Contract has to be updated with the new address of the deployed PlonkVerifier mentioned at deploy time
• automate the inclusion of the most recent address of the deployed PlonkVerifier in the forge script command for deploying or upgrading the LightClient contract
• remove the mnemonic from the .env file and put it into the .env.contracts file since there are other processes that use it so I need to create a separate issue and communicate with other team members so that they are aware of the change.

Key places to review:

• PlonkVerifier contract function visibility
• updated README in contracts/script
• new .env.contracts.example file

How to test this PR:

• to thoroughly test this PR, one would have to follow the instructions in contracts/src/README to set up the environment to deploy both the PlonkVerifier contract and the LightClient contract

Things tested

• deploying the PlonkVerifier and LightClient contract via forge script which involves OpenZeppelin Defender & Multisig Safe Wallet

Things not tested

• modifying PlonkVerifier methods and upgrading the LightClient contract with the new PlonkVerifier

[Sneh1999]

Why are we adding the DEFENDER_SECRET and DEFENDER_KEY to .env ?

[Sneh1999]

Just a suggestion - but I think we should not push .env to main as its generally not advised and rather we should have a .env.example which can be converted to .env locally when needed. The reason for this is that someone can by accident add a private key to .env file and push it and bots will extract all the assets from that key - this has happened with a lot of people in the industry. Let me know what your thoughts are on this!

[alysiahuggins]

Thanks for calling this out so we can revise this. Historically, the .env file wasn't used for secrets but for config. The openzeppelin related config/secrets have been removed and placed into a gitignored env file called .env.contracts with a .env.contracts.example file provided as the example. This also resolves the comment above 0e7ab30

[Sneh1999]

Should we allow this to be a .env variables instead of being hard coded here to make it more configurable?

[alysiahuggins]

Thanks Sneh. Currently, There's an open issue to deal with defender deployment logs #1286 but currently when we deploy with openzeppelin defender, the deployment logs aren't written locally (whereas foundry normally does this). So this is a workaround and is not expected to be used more dynamically. I've put that string into a variable since it has been referenced multiple times in the script. c80c26e

[Sneh1999]

LGTM!