Cardano Updates

The latest moog release dropped the moog-*-linux64.tar.gz asset; the
portable Linux binary is now the statically-linked
moog-*-x86_64-linux-musl.tar.gz. Replace the get-latest-release +
release-downloader actions with a gh release download that picks the
right asset, fixing the failing Install moog step.

Replace the local build: directives with the published image digests so
the testnet is pullable by Antithesis.

The vote driver now RNG-selects among --yes, --no and --abstain (was
yes/no). Validated live: on-chain votes show Abstain, VoteNo and VoteYes
across DRep/SPO/CC voters.

The create and vote parallel drivers coordinate through two append-only
logs in the (fault-excluded, hence durable) gov-data volume:
- created.log: txid+ix per action, appended only after on-chain confirm
- rejected.log: txid per action a vote was rejected on
The vote driver works the set difference (created minus rejected); an
action stays votable until a vote on it is rejected (e.g. on expiry).

The vote driver hands every choice to the Antithesis RNG: which action,
which voter (a random DRep/SPO/CC member), and yes/no. Each invocation
casts one voter's single vote, so the hypervisor explores the
(action, voter, decision) space.

Validated live: random voters cast mixed yes/no votes recorded on-chain
across multiple actions.

Previous detection had two problems: it only checked required_signers
without collateral, and that check was wrong — required_signers is
actually allowed in ORDINARY/MULTISIG by the v8 lib (only POOL_REGISTRATION
modes forbid it). Replace with detection that mirrors the lib's per-mode
rejection rules in parsing/transaction.ts:

- Pool registration combined with any other cert (POOL_REGISTRATION_*
  requires a sole pool reg cert; lib AUTO throws CANNOT_DETERMINE).
- Pool registration alongside Plutus signals (mutual exclusion).
- Any cert/withdrawal/voter credential that resolves to a bare KEY_HASH
  (no matching signing file). ORDINARY needs KEY_PATH, MULTISIG needs
  SCRIPT_HASH; nothing else accepts KEY_HASH outside PLUTUS (only
  auto-inferred via collateral or other Plutus signals).
- Mixed KEY_PATH + SCRIPT_HASH signals (lib AUTO can't decide ORDINARY
  vs MULTISIG, throws CANNOT_DETERMINE).
- Pool retirement in a multisig-shape tx (MULTISIG rejects pool retirement).

A new collectCertCredentials helper enumerates the credential fields a
non-unrestricted mode actually validates per cert (stakeCredential,
dRepCredential, coldCredential — but not the hotCredential on
AUTHORIZE_COMMITTEE_HOT, which the lib doesn't constrain per mode).

Known gap: device-owned outputs in a multisig-shape tx (MULTISIG forbids
device-owned outputs). Detecting this needs change-output path → address
resolution and is deferred; the lib catches it with a clear per-rule
error if hit.

Tests rewritten to use the new auto-detect triggers (pool reg + extra
cert; key-hash credential with no matching signing file), constructed by
mutating decoded bodies to avoid hand-crafted CBOR.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Bumps [github.com/blinklabs-io/gouroboros](https://github.com/blinklabs-io/gouroboros) from 0.153.1 to 0.180.0.
- [Release notes](https://github.com/blinklabs-io/gouroboros/releases)
- [Changelog](https://github.com/blinklabs-io/gouroboros/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/blinklabs-io/gouroboros/compare/v0.153.1...v0.180.0)

---
updated-dependencies:
- dependency-name: github.com/blinklabs-io/gouroboros
  dependency-version: 0.180.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.30.1 to 10.30.3.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.30.1...v10.30.3)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: Jenita <[email protected]>
Co-authored-by: Jenita <[email protected]>

Validated against a local 2-producer + 1-relay Conway testnet: pool-only
liveness, cardonnay genesis with committee seeded, setup (5 CC authorized
+ 5 DReps registered + stake delegated), create InfoAction, and DRep+SPO+CC
voting all recorded on-chain.

gov-configurator:
- run cardonnay via a shim that patches os.getlogin (fails with no tty)
- socket path directly in state-cluster0 so STATE_CLUSTER matches
- idempotent generation; generate once per volume via a .generated marker

gov-cli bash drivers:
- build_sign_submit uses transaction build-raw (no anchor download, which
  transaction build mandates and cannot skip) with explicit deposits and a
  calculated fee
- read faucet UTxO via --output-text, not jq: jq 1.6 corrupts lovelace
  amounts above 2^53, breaking value conservation by 1
- normalise 'transaction txid' JSON ({"txhash":...}) to bare hex
- create-info takes --testnet, hash anchor-data is top-level, drep-state
  needs --all-dreps

Add fallible 'Certificate::try_compute_hash' and route the certificate
verification and aggregator hash-migration paths through it, so a
serialization error surfaces instead of panicking. 'compute_hash' stays
infallible for construction-time use.

- golden-handles.txt: 25 commonly-known mainnet handles (cardano, hosky,
  minswap, bigpey, charles, ... incl. enterprise-address eth/satoshi/crypto),
  all verified present on mainnet. Names only — handles are transferable NFTs,
  so addresses are asserted by shape + round-trip, not pinned (drift-proof).
- run-golden-handles.sh: forward lookup (well-formed addr1.../stake1...) +
  reverse-by-payment-address round-trip for each golden handle.
- run-rest-spotchecks.sh: fix stdin/heredoc collision (data now passed via
  argv, not a pipe that the heredoc program shadowed) and switch the DB sampler
  to JSON output so arbitrary UTF-8 handle names parse safely; skip empty names.
- SKILL.md: document the golden step and files.

Validated live against the in-progress mainnet sync: golden 25/25, sample 10/10.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

Remove the comment block above isDraftPullRequest() in
slack-message-broker.yml and the ref-validation comment in
haddock-site.yml.

Remove duplicate Block Forging.
Added cardano-node CPU load panel.
Added GC time panel.