protocol: include ProofRandomScalar to VOPRF test vectors

[armfazh]

The token response is composed of a zk-proof, which is a randomized procedure.

struct {
   uint8_t evaluate_msg[Ne];
   uint8_t evaluate_proof[Ns+Ns];
} TokenResponse;

In order to reproduce the test vectors for VOPRF, the ProofRandomScalar should be included as part of the test vectors, just like the VOPRF draft does:

"Proof": The serialized Proof output from GenerateProof() composed of two serialized scalar values, each Ns bytes long. Only present for VOPRF and POPRF test vectors.

"ProofRandomScalar": The random scalar r computed in GenerateProof(), a serialized scalar of Ns bytes long. Only present for VOPRF and POPRF test vectors.

The proof attached in the current TokenResponse field can be tested as a valid proof; but the generation of the proof cannot be reproduced without the random scalar.

[heathdutton]

Agreed. This will make the test vectors more complete and align them with the existing standards in VOPRF and POPRF test vectors, facilitating better interoperability and consistency across implementations.

struct {
   uint8_t evaluate_msg[Ne];
   uint8_t evaluate_proof[Ns+Ns];
   uint8_t proof_random_scalar[Ns];
} TokenResponse;