ci: add sumcheck performance regression guard

[kunxian-xia]

Problem

Sumcheck performance regressions are currently detectable only by manually running Criterion benches.

Approach

Add a PR-only GitHub Actions guard for PRs targeting main. The workflow compares the PR base SHA against the head SHA with the sumcheck ceno_batched_main Criterion bench on tiny scale and fails when Criterion reports a regression beyond the configured noise threshold.

Testing

• bash -n .github/scripts/check-criterion-regression.sh
• Parsed .github/workflows/perf-regression.yml as YAML.
• Ran the guard locally against the same origin/main SHA; it reported no Criterion regression.

Risk / Rollout

Main risk is CI noise from benchmark variance. The guard uses a small deterministic benchmark, fixed Rayon thread count, and a 15% noise threshold; roll back by disabling or reverting the workflow if it proves flaky.

Copilot Reviewer Directive (keep this section)

When Copilot reviews this PR, apply .github/copilot-instructions.md strictly.

• Perform review only; do not commit/push/propose code changes.
• Prefer inline comments on changed lines for each actionable finding.
• If inline comments are unavailable, use [severity] path:line (symbol) format.
• Prioritize soundness, performance, and architecture risks over style.
• Output order: findings by severity, then open questions, then brief summary.
• If PR description is empty or missing key context, report PR metadata: description as a finding.