feat: add WIP-103 proof verification to CLI

[paolodamico]

Adds WIP-103 proof verification to the CLI.

---

Note

Medium Risk
Introduces local ZK ownership verification and ProveKit profile tweaks; correctness matters for proof acceptance but scope is CLI and dev-build config, not on-chain verifier contracts.

Overview
Adds walletkit proof verify-ownership for WIP-103 ownership proofs: reads base64url proof data (file or stdin), decodes CBOR into OwnershipProof, and checks it locally with verify_ownership_proof using --nonce and --sub field elements. Human and JSON output include verification status and merkle root; failures exit non-zero.

The CLI pulls in world-id-proof (zk-ownership-verify), ciborium, and provekit-verifier (via lock/workspace). Dev builds disable debug-assertions on ProveKit crates so serialized Whir proofs match production (debug-only pattern is not serialized).

On-chain verify output now uses shared pass_label / fail_label helpers with green/red [PASS] / [FAIL] when stdout is a TTY.

^{Reviewed by Cursor Bugbot for commit 5536b2d. Bugbot is set up for automated code reviews on this repo. Configure here.}

[paolodamico]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Bravo.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".