Optimize MSM for Bandersnatch/wagon and Verkle Tries

[mratsim]

Followup to #414

There are 3 ways to optimize MSM for the Bander curves

1. MSM for Bandersnatch and Banderwagon does not use endomorphism acceleration. This is because their endomorphism requires to switch to projective coordinates.

   constantine/constantine/named/zoo_endomorphisms.nim

   Lines 53 to 77 in 90f5e4d

   	func computeEndoBander[F](r {.noalias.}: var EC_TwEdw_Prj[F], P: EC_TwEdw_Prj[F]) =
   	static: doAssert F.Name in {Bandersnatch, Banderwagon}
   	var xy {.noInit.}, yy {.noInit.}, zz {.noInit.}: F
   	xy.prod(P.x, P.y)
   	yy.square(P.y)
   	zz.square(P.z)
   	const b = F.fromHex("0x52c9f28b828426a561f00d3a63511a882ea712770d9af4d6ee0f014d172510b4")
   	const c = F.fromHex("0x6cc624cf865457c3a97c6efd6c17d1078456abcfff36f4e9515c806cdf650b3d")
   	r.x.diff(zz, yy)
   	r.x *= c
   	zz *= b
   	r.y.sum(yy, zz)
   	r.y *= b
   	r.z.diff(yy, zz)
   	r.x *= r.z
   	r.y *= xy
   	r.z *= xy

2. We use Projective coordinates but Twisted Extended (X, Y, Z, T) might be noticeably faster (22% according to paper): https://iacr.org/archive/asiacrypt2008/53500329/53500329.pdf
3. Implement precomputed tables for fixed CRS for Verkle Tries / IPA:

• https://hackmd.io/@1rDV_-HiSd-uTLJAZgeQTg/Hk0Ec7hO3
• https://hackmd.io/@jsign/vkt-another-iteration-of-vkt-msms