Cardano Updates

Replace the old generate-then-deduplicate approach with a stateful
map builder that generates unique keys directly. This handles
occurrence indicators (optional, zero-or-more, one-or-more, bounded)
inline during map construction, retrying key generation on collisions
instead of silently dropping duplicate entries. Required nodes are
sorted first to prioritize generating mandatory entries.

- PTInt generator now covers the full CBOR int range (-2^64 to 2^64-1)
  with anti-gen producing out-of-range values
- Validator now enforces CBOR spec bounds (RFC 8949) for PTInt, PTUInt,
  and PTNInt instead of accepting any integer

Bumps [github.com/fxamacker/cbor/v2](https://github.com/fxamacker/cbor) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/fxamacker/cbor/releases)
- [Commits](https://github.com/fxamacker/cbor/compare/v2.9.0...v2.9.1)

---
updated-dependencies:
- dependency-name: github.com/fxamacker/cbor/v2
  dependency-version: 2.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/blinklabs-io/plutigo](https://github.com/blinklabs-io/plutigo) from 0.1.0 to 0.1.1.
- [Release notes](https://github.com/blinklabs-io/plutigo/releases)
- [Changelog](https://github.com/blinklabs-io/plutigo/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/blinklabs-io/plutigo/compare/v0.1.0...v0.1.1)

---
updated-dependencies:
- dependency-name: github.com/blinklabs-io/plutigo
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

The metadatum decoder now only enforces bytes/text size limits (0..64)
for decoder versions > 2, matching the previous SoftForks.validMetadata
behavior. Tests are added to roundTripShelleyCommonSpec so they run for
every era: accepting oversized values at version 2 (Shelley) and
rejecting them from version 3 (Allegra) onwards.

Changes made with the help of an LLM

Test that bytes/text up to 64 bytes decode successfully, and that
values exceeding 64 bytes are rejected.

Changes made with the help of an LLM

The decoder now enforces bytes/text size limits (0..64) for metadatums,
making the rule-level validMetadatum check redundant. Remove
validMetadatum, the SoftForks.validMetadata gate, and the Allegra
InvalidMetadata imp test that relied on constructing invalid metadatums
in-memory.

Changes made with the help of an LLM

The CDDL spec requires `bytes .size (0..64)` and `text .size (0..64)`
for transaction metadatum, but the decoder did not enforce these limits.
This moves the size validation into `decodeMetadatum` so it aligns with
the CDDL spec. The `Arbitrary Metadatum` instance is also constrained
to produce valid values, and the previously disabled CDDL anti-tests
are now enabled.

Changes made with the help of an LLM

Bumps [blinklabs-io/go](https://github.com/blinklabs-io/docker-go) from 1.25.8-1 to 1.26.1-1.
- [Release notes](https://github.com/blinklabs-io/docker-go/releases)
- [Commits](https://github.com/blinklabs-io/docker-go/compare/v1.25.8-1...v1.26.1-1)

---
updated-dependencies:
- dependency-name: blinklabs-io/go
  dependency-version: 1.26.1-1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/blinklabs-io/gouroboros](https://github.com/blinklabs-io/gouroboros) from 0.153.1 to 0.163.5.
- [Release notes](https://github.com/blinklabs-io/gouroboros/releases)
- [Changelog](https://github.com/blinklabs-io/gouroboros/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/blinklabs-io/gouroboros/compare/v0.153.1...v0.163.5)

---
updated-dependencies:
- dependency-name: github.com/blinklabs-io/gouroboros
  dependency-version: 0.163.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/fxamacker/cbor/v2](https://github.com/fxamacker/cbor) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/fxamacker/cbor/releases)
- [Commits](https://github.com/fxamacker/cbor/compare/v2.9.0...v2.9.1)

---
updated-dependencies:
- dependency-name: github.com/fxamacker/cbor/v2
  dependency-version: 2.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Remove 5 redundant NativeScript era ~ Timelock era constraints (#5319)

Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>