Implementation of the hash circuit over bls12_377::ScalarField

[simonmasson]

There are three main possiblities for hashing to bls12_377::ScalarField:

• Pedersen hash is used in Sapling and uses bls12_381::ScalarField, a field similar to our case, but the circuit is implemented with Groth16, not PLONK.
• Sinsemilla is implemented in Halo 2, but for Pasta curve fields.
• Poseidon hash is already implemented for bls12_377::ScalarField here and the circuit implementation is a WIP in zk-garage/plonk here. It seems to be the best option. Although it is maybe not secure for all our use-cases. We want to use it for Merkle tree (see issue Implementation of the Merkle tree membership for bls12_377::ScalarField #21) and for com_p and com_q. Note that com_p is a hash into bls12_377::BaseField; it means it would require generating parameters for this field.