feat: support 0x02 compounding withdrawal credentials (EIP-7251)

[olegshmuelov]

Summary

• Add 0x02 compounding withdrawal credentials support (EIP-7251)
• Unified WithdrawalCredentials(prefix, addr) constructor replaces separate per-prefix functions
• ValidateWithdrawalCredentials() enforces 32-byte length and valid prefix (0x01/0x02)
• Remove implicit 0x01 wrapping — callers pass pre-built 32-byte credentials

[GalRogozinski]

Codex

[High] Backward-incompatible credential format change can break mixed-version clients/operators

The PR changes behavior from “accept raw address and wrap internally” to “must provide full 32-byte credentials” and enforces it in multiple paths. That is an API/protocol behavior break: existing callers still sending 20-byte values now fail hard. If rolling upgrades are expected, this can cause cross-version ceremony failures. At minimum this needs explicit migration/versioning handling (or a temporary compatibility path).

@y0sher @olegshmuelov
So everyone will upgrade a the same time

[Medium] Validation policy is inconsistent across message validators

Init now validates withdrawal credentials at message-validation time, but ValidateReshareMessage and ValidateResignMessage do not. Invalid credentials in those flows are rejected later (during result building/verification), which is later than expected and gives inconsistent failure semantics across operations.

@olegshmuelov this is a recommended fix

[olegshmuelov]

Codex

[High] Backward-incompatible credential format change can break mixed-version clients/operators

The PR changes behavior from “accept raw address and wrap internally” to “must provide full 32-byte credentials” and enforces it in multiple paths. That is an API/protocol behavior break: existing callers still sending 20-byte values now fail hard. If rolling upgrades are expected, this can cause cross-version ceremony failures. At minimum this needs explicit migration/versioning handling (or a temporary compatibility path).

@y0sher @olegshmuelov So everyone will upgrade a the same time

dkg-spec is an internal library used only by ssv-dkg - we control both and release together. Additionally, ssv-dkg operators enforce a strict version check on every incoming message (see ssv-dkg/pkgs/operator/instances_manager.go): if the initiator's version doesn't match the operator's version, the request is rejected with "wrong version".
So mixed-version ceremonies are impossible by design. The wire protocol (SSZ ssz-max:"32") already supports 32 bytes, and the --compounding flag defaults to false, preserving existing behavior.

[Medium] Validation policy is inconsistent across message validators

Init now validates withdrawal credentials at message-validation time, but ValidateReshareMessage and ValidateResignMessage do not. Invalid credentials in those flows are rejected later (during result building/verification), which is later than expected and gives inconsistent failure semantics across operations.

@olegshmuelov this is a recommended fix

This was a pre-existing gap, not something introduced by this PR - the validation didn't exist before.
Added ValidateWithdrawalCredentials to ValidateReshareMessage and ValidateResignMessage in 3c49b2c.

[MatheusFranco99]

Looks good!