[contract-deploy] Store bytecode hash for a contract in addition to verification key hashes

[spalladino]

Today we use the verification key hash to identify each function in a contract. However, this means that unconstrained code isn't committed to, so an app could provide the bytecode for a contract with altered unconstrained code (eg the code that interacts with the oracle) and the user would have no way to know. Same applies to unconstrained functions in a contract, a dapp could inject whatever code they want in those, and potentially use it to exfiltrate private information. We should commit to the bytecode hash of a contract somewhere, in addition to the verification key.

[spalladino]

Comment from @zac-williamson:

I think we would need both
In the Kernel circuit, the user provides the Verification Key of the function circuit as a private input. We validate that the key is correct by checking its hash against the vk hash in the contracts tree.
We still need to be able to do this check - a bytecode hash or a hash of vk + bytecode won’t cut it here

[spalladino]

This issue may already be implemented but currently disabled. See also #5860.

[sklppy88]

Closed as the bytecode hash is already included in the function artifact hash (computeFunctionArtifactHash), which is eventually used in the artifact function tree, (computeArtifactFunctionTree), artifact function tree root (computeArtifactFunctionTreeRoot), and artifact hash preimage (computeArtifactHashPreimage). All we need to do is re-enable this check as described by #5860.