Some changes requested here. Mostly to not remove AES.

Okay, in my opinion this can be merged so we can move along, but I honestly feel like this could be made quite a bit cleaner and clearer.

For one, I think it would probably serve us to have ChaCha20 take in bytes, not bits. Would be as easy as calling ByteToBits or ToBits(8) or whatever the template is. This makes life easier on the Rust side. It's not a big deal either way I suppose, but this just changes the API in an unexpected way, in my opinion.

Second, the way the full tests were laid out is, bizarre. If I was being stricter here, I'd ask you to redo it in the following way:

1. Leave the NIVC_FULL and NIVC_FULL_2 tests as is, but rename them to NIVC_FULL_AES and NIVC_FULL_2_AES.
2. Create two tests NIVC_FULL_CHACHA and NIVC_FULL_2_CHACHA.
3. I think we should be testing these circuits in the same way we tested AES-GCTR here. The first NIVC_FULL folds a single 16 byte chunk at a time, NIVC_FULL folds 32 bytes at a time. You could mimic this with ChaCha by having NIVC_FULL_CHACHA run with all 320 bytes at once. Then NIVC_FULL_CHACHA_2 could do 160 bytes at once. This tests that the parameter for how many 32bit words to fold at once works with our circuit chain. It almost certainly does, but why not just test it that way?

Please consider taking this feedback and integrating it before you merge this. If not, then make issues at least, please!