fix: reject VK with log_circuit_size=0 in UltraKeccak verifier (#22319)

## Summary

Fixes a memory-safety vulnerability in the native UltraKeccak non-ZK
verifier where a malformed verification key with `log_circuit_size = 0`
causes an out-of-bounds write in `get_dyadic_powers_of_challenge`.

---------

Co-authored-by: ludamad <adam.domurad@gmail.com>

Author: AztecBot

barretenberg/cpp/src/barretenberg/transcript/transcript.hpp

@@ -295,6 +295,7 @@ template <typename Codec_, typename HashFunction_> class BaseTranscript {
     template <typename ChallengeType>
     std::vector<ChallengeType> get_dyadic_powers_of_challenge(const std::string& label, size_t num_challenges)
     {
+        BB_ASSERT(num_challenges > 0, "get_dyadic_powers_of_challenge called with num_challenges=0");
         ChallengeType challenge = get_challenge<ChallengeType>(label);
         std::vector<ChallengeType> pows(num_challenges);
         pows[0] = challenge;

barretenberg/cpp/src/barretenberg/ultra_honk/ultra_verifier.cpp

@@ -30,7 +30,10 @@ template <typename Flavor, class IO> size_t UltraVerifier_<Flavor, IO>::compute_
         return static_cast<size_t>(Flavor::VIRTUAL_LOG_N);
     } else {
         // Non-padded: use actual circuit size from VK (native only)
-        return static_cast<size_t>(verifier_instance->get_vk()->log_circuit_size);
+        const size_t log_circuit_size = static_cast<size_t>(verifier_instance->get_vk()->log_circuit_size);
+        BB_ASSERT_GTE(
+            log_circuit_size, static_cast<size_t>(1), "VK log_circuit_size is 0, which is invalid for any circuit");
+        return log_circuit_size;
     }
 }