Challenge in accumulation mode

[davxy]

DLEQ-vrf sign / verify functions take as input an object which implements IntoTranscript trait.

This means the user is free to construct and pass a transcript constructed via the new_blank_accumulator, which internally uses the AccumulateMode.

This prevents to panic and to correctly handle such a case

[burdges]

LGTM

I'm unsure if this matters, given how Fiat-Shamir transforms works, but yeah doing this costs nothing, so good.

[burdges]

As you're looking at Transcript, I'll point out that accumulation mode transcripts could in theory be deserialized and checked, which makes them useful for remote signers. This is one of the improvements over merlin, but it's still optimized for just doing the transcript.

In my mind, there is a question of whether we should use this enum here, or if we should use a trait. I selected an enum because it'll cost nothing next to the hashing and the trait makes the code messier.