feat: add TDX verifier and TDX-aware TEE prover registry

[jackchuma]

Summary

Adds the production-shape Intel TDX DCAP signer-registration path for multiproof, alongside Nitro:

• src/multiproof/tee/TDXVerifier.sol — verifies a RISC Zero or SP1 proof whose public values are an ABI-encoded TDXVerifierJournal, then enforces on-chain policy: trusted Intel root, TCB status allowlist, collateral expiry, quote freshness (maxTimeDiff), signer derivation, and REPORTDATA public-key binding.
• src/multiproof/tee/TDXTEEProverRegistry.sol — extends TEEProverRegistry with registerTDXSigner(...), storing the signer address and TDX image hash (keccak256(MRTD || RTMR0..3)) in the same registry fields used by TEEVerifier.
• interfaces/multiproof/tee/ITDXVerifier.sol — interface, journal layout, TCB status enum, and ZK coprocessor config types.
• Tests: test/multiproof/TDXVerifier.t.sol, test/multiproof/TDXTEEProverRegistry.t.sol.
• Snapshot updates (abi, storageLayout, semver-lock) and scripts/multiproof/README.md documentation for the new "Path 3: TDX" flow.

Notes

• TEEVerifier remains the proposal-proof verifier; TDX only changes signer registration.
• PoC boundary: the off-chain RISC Zero / SP1 TDX DCAP guest that emits TDXVerifierJournal is not in this PR.
• Opening as draft for review of the on-chain policy surface and journal schema before wiring into deployment scripts.

Test plan

• just test -- --match-path \"test/multiproof/TDX*\"

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1