
Transparent integers #1238

Open. Wants to merge 4 commits into main.

Conversation

karthikbhargavan (Contributor) commented Jan 17, 2025

This PR modifies the F* model of machine integers so that they are transparent to the normalizer and hence more amenable to tactic based proofs.

The current model of machine integers in proof-libs/fstar/rust_primitives/Rust_primitives.Integers.fsti is based on HACL* integers (Lib.IntTypes.int_t), which in turn is based on F* integers (FStar.UInt*.t). This has several advantages:

  • the possibility of proving secret independence, using secret integers
  • compatibility with HACL* specifications for crypto primitives
  • the ability to use classic F* integer constants.

Conversely, for verification this model has some deficiencies:

  • integers are constructed using an opaque function int_to_t
  • extracting the underlying integer requires the application of a ghost function v
Consequently, any proofs that rely on mathematical properties of integers cannot use "normalization" and instead must rely on the careful application of lemmas that reveal that int_to_t and v are inverses of each other. It also makes it particularly hard to define tactics that can verify mathematical algorithms like ML-KEM and ML-DSA.

In the current PR, we cut the link to the HACL* integers and to F* integers, and instead locally define all machine integers as wrappers around mathematical integers. This allows us to be transparent about the implementation of integers, significantly simplifying their semantics. We expect that this will significantly help with writing new tactics and automation for proofs, and will speed up existing proofs.

This PR is the first round of changes and aims to be non-disruptive.
A future PR will link the definition of these integers also to their bitvector representations.

(We need to test this PR for libcrux and other projects. This comment will be removed or amended when these tests are done.)
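
As an added illustration (not code from this PR, from hax, or from libcrux), the following minimal F* module sketches the kind of transparent model the description refers to: a machine integer type defined as a refinement of mathematical integers, so construction and projection are plain reducible functions and a wrapping addition can be decided by the normalizer alone. The names `u32`, `mk_u32`, `v`, `add_mod` and `pow2_32` are assumed for the illustration; the actual definitions in proof-libs/fstar differ.

```fstar
module Transparent.U32

(* Added illustration only; these are not the definitions from
   proof-libs/fstar/rust_primitives. Machine integers are modeled as
   refinements of mathematical integers so that the normalizer can
   unfold every operation. All names here are assumed. *)

let pow2_32 : pos = 4294967296

(* A 32-bit unsigned machine integer is a bounded natural number. *)
type u32 = x:nat{x < pow2_32}

(* Construction and projection are ordinary total functions: there is
   no opaque int_to_t and no ghost v, so both unfold under normalization. *)
let mk_u32 (x:nat{x < pow2_32}) : u32 = x
let v (x:u32) : nat = x

(* Wrapping addition, defined directly on the underlying nat. The SMT
   solver discharges the range refinement on the result of `%`, as in
   FStar.UInt.add_mod; the payload itself stays a transparent nat. *)
let add_mod (x y:u32) : u32 = (x + y) % pow2_32

(* With everything transparent, assert_norm decides these by computation;
   no lemma stating that construction and projection are inverses is needed. *)
let _ = assert_norm (v (add_mod (mk_u32 4294967295) (mk_u32 1)) = 0)
let _ = assert_norm (v (add_mod (mk_u32 7) (mk_u32 8)) = 15)
```

The contrast with the HACL*-style model is in the last two lines: when the integer is built by an opaque `int_to_t` and read back by a ghost `v`, the normalizer cannot reduce `v (int_to_t 7)` to `7`, so the same facts have to be proved by explicitly invoking the inverse lemmas rather than by `assert_norm` or a `compute`-style tactic.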

karthikbhargavan (Contributor, Author) commented Jan 17, 2025

Libcrux passes lax checking with some edits.

cryspen/libcrux#756
