Add RISC Zero verifier stack deploy script for NitroEnclaveVerifier integration

[leopoldjoy]

Summary

Adds a new DeployRiscZeroStack.s.sol script that deploys the full RISC Zero on-chain verifier stack (Groth16Verifier, SetVerifier, VerifierRouter) and NitroEnclaveVerifier in a single transaction. This is a prerequisite for using DeployDevWithNitro.s.sol with real ZK proof verification.

Motivation

The RISC Zero SetVerifier and NitroEnclaveVerifier (via ISP1Verifier) require Solidity ^0.8.20, but the main deployment scripts and their transitive dependencies (DisputeGameFactory, TEEProverRegistry, AggregateVerifier, etc.) are pinned to =0.8.15. These cannot coexist in a single compilation unit, so the verifier stack deployment is split into a separate ^0.8.20 script.

Changes

• New: scripts/multiproof/DeployRiscZeroStack.s.sol — Deploys RiscZeroGroth16Verifier, RiscZeroSetVerifier, RiscZeroVerifierRouter (with both selectors registered), and NitroEnclaveVerifier. Takes all config as function args for portability across testnets.
• Modified: scripts/multiproof/DeployDevWithNitro.s.sol — Simplified to require a pre-deployed nitroEnclaveVerifier address from config. Removed concrete NitroEnclaveVerifier and risc0 contract imports that caused the Solidity version conflict.
• Modified: scripts/deploy/DeployConfig.s.sol — Replaced risc0SetBuilderImageId (bytes32) with risc0VerifierRouter (address). Added clarifying comments on Nitro config fields.
• Modified: foundry.toml — Added openzeppelin/ remapping pointing to lib/risc0-ethereum/lib/openzeppelin-contracts/ so risc0 contracts' bare openzeppelin/ imports resolve correctly at the root level.

Deployment Flow

1. Deploy verifier stack + NitroEnclaveVerifier:

forge script scripts/multiproof/DeployRiscZeroStack.s.sol:DeployRiscZeroStack \
  --sig "run(address,bytes32,bytes32,bytes32,address,bytes32)" \
  <OWNER> <SET_BUILDER_IMAGE_ID> <NITRO_ROOT_CERT> <NITRO_VERIFIER_ID> \
  <NITRO_PROOF_SUBMITTER> <NITRO_VERIFIER_PROOF_ID> \
  --broadcast --rpc-url https://c3-chainproxy-eth-sepolia-full-dev.cbhq.net --ledger --hd-paths "m/44'/60'/1'/0/0"

2. Set nitroEnclaveVerifier in deploy config to the output address.
3. Run DeployDevWithNitro.s.sol as before.

[cb-heimdall]

✅ Heimdall Review Status

Requirement	Status	More Info
Reviews	✅ 1/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1