Cardano Updates

Bumps [openssl](https://github.com/rust-openssl/rust-openssl) from 0.10.72 to 0.10.80.
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.80)

---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.80
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Explorer will only show its main UI when the store is fully loaded, this avoids timing issues such as loading the aggregator from the URL which may be overriden by init logic.

Add fallback loaders for `Provider` and `Suspense` to improve user experience during the loading phase.

Wait for #2324 to merge.

This makes a couple of changes to the tests:

1. Switch from hspec to tasty. Why? Few reasons, but 1 is I want to try
[tasty-cache](https://github.com/silky/tasty-cache);
2. We get some nice formatted test output in the PRs now:
<img width="870" height="1031" alt="image"
src="https://github.com/user-attachments/assets/0c660f0e-7103-4d78-a2cd-e1b3c2e0f5a6"
/>
3. Some more tests are ran in parallel

The dynamic discovery via builtins.attrNames config.checks bakes all
check names into the script at eval time.  When downstream repos
consume the pre-push package from cardano-parts' output, the baked
names include perSystem-only checks (e.g. cardano-committee-monitor-
fixture) that don't exist in the consumer's flake, causing the hook
to fail.

Hardcode the two checks the hook should always run — lint and treefmt —
so the fixture check remains a CI/flake-check concern only.

* Move the profile readme contents from the top level general readme to the profile
* Match the profile behavior to others: auto-enable with reasonable defaults
  assuming the other co-dependencies are also imported.

Adds the centrally-rendered alert rules that consume the cardano_cc_*
series published by profile-cardano-committee-monitor, plus a README
section covering enablement, prerequisites, threshold tuning, and the
collector-cadence/staleness coupling.

Alert rules (auto-discovered via parseDir on grafana/alerts):
  - cardano_cc_term_expiring (warning, 30d default)
  - cardano_cc_term_expiring_urgent (page, 7d default)
  - cardano_cc_hot_key_unauthorized / _resigned (page)
  - cardano_cc_member_expired (page)
  - cardano_cc_member_unrecognized (page)
  - cardano_cc_to_be_expired_next_epoch (page, authoritative ledger signal)
  - cardano_cc_no_members (page)
  - cardano_cc_metrics_stale (page, 5400s, paired with hourly cadence)
  - cardano_cc_collector_absent (page)

warnDays / pageDays are constants in the alert file (per-environment
tuning via duplicated rules with environment=~"..." selectors). The
file is part of the project template, so downstream repos own it after
template init.

New profile profile-cardano-committee-monitor publishes per-member
constitutional-committee state to a prometheus textfile-collector .prom
file on an hourly systemd timer. The alloy node-exporter picks the file
up via the textfileCollectorDirectory wiring added in the previous
commit.

Metrics (all carry environment=<env>):
  - cardano_cc_member_epochs_until_expiration  (per cold_credential)
  - cardano_cc_member_seconds_until_expiration (per cold_credential)
  - cardano_cc_member_hot_cred_status          (info-gauge with status label)
  - cardano_cc_member_state                    (info-gauge with state label)
  - cardano_cc_member_next_epoch_change        (info-gauge with change label)
  - cardano_cc_current_epoch
  - cardano_cc_member_count
  - cardano_cc_seconds_per_epoch

The collector script lives in flakeModules/lib/ as a callPackage-able
writeShellApplication so the production unit and the fixture check share
the exact same text; the check swaps cardano-cli for a JSON-fixture shim
and diffs the output against a golden .prom file.

Module asserts on services.alloy.textfileCollectorDirectory != null and
services.cardano-node.shareNodeSocket = true. The cardano-node socket is
read via a SupplementaryGroups=[cardano-node node-textfile] hardened
DynamicUser=true oneshot; output is atomically published via mv on the
same filesystem. Cadence is hourly + RandomizedDelaySec=600s; the
matching staleness threshold lives in the alerts file added in the next
commit.

Wires in via flake-parts auto-discovery (recursiveImports); no
flake.nix or flakeModules/lib.nix changes needed.

Adds two opt-in options consumed by sibling profiles that publish metrics via prometheus textfile collector.

services.alloy.textfileCollectorDirectory (nullOr str, default null):
  - When non-null: enables the node-exporter "textfile" collector,
    emits the textfile { directory = ... } HCL block, creates a
    node-textfile group, and tmpfiles-rules the directory mode 2775
    (setgid so multiple publishers can share it).
  - When null: behaviour is identical to before.

services.alloy.extraPrometheusRelabelNodeKeepRegex (listOf str, default []):
  - Additional alternation arms appended to prometheusRelabelNodeKeepRegex.
    Lets sibling profiles whitelist their textfile metric series without
    a recursive mkForce on the base option.

Also extends the base prometheusRelabelNodeKeepRegex default with
node_textfile_(mtime_seconds|scrape_error) so textfile-collector
self-metrics are scrapeable (un-breaks NodeTextFileCollectorScrapeError
in templates/.../alerts/node-exporter.nix-import and enables a future
metrics-stale alert keyed on node_textfile_mtime_seconds).

Harden CI, add skill

Add a suite of closely related flat conformance tests