Cardano Updates

UTxOEnv now carries the pre-batch CertState directly rather than a
precomputed DepositsChange, so the LEDGER computational instance no
longer needs separate environments for the valid and invalid cases.
The two old builders (utxoΓ-valid : CertState → CertState → UTxOEnv,
utxoΓ-invalid : UTxOEnv) collapse into a single

   utxoΓ : UTxOEnv
   utxoΓ = ⟦ slot , pparams , treasury , utxo₀ , certState
           , allScripts , RewardsOf certState ⟧

with certState (= the pre-batch state) used in both the LEDGER-V and
LEDGER-I cases.  This resolves the [NotInScope] error from
calculateDepositsChange (which no longer exists) and removes the
vestigial CertState → CertState arguments to utxoΓ-valid that were
unused after the refactor.

The completeness side gets one small additional change: the implicit
argument order in the LEDGER-V destructuring is reorganised to match
the constructor's declared order
   {utxoState₁ , govSt₁ , certSt₁ , certSt₂ , govSt₂ , utxoSt₂}
so the subsequent computeSubledgers / computeEntities / computeGov /
computeUtxow pattern matches against the right intermediate states.

Also adds a "Design Note: Cert-State Threading and Deposit Accounting"
subsection to Utxo.lagda.md explaining the rationale for the
refactor.  Key points:

+  The UTXO rule has been promoted from a consumer of CertState data
   to a secondary executor of certificate accounting:
   updateCertDeposit recomputes the deposit evolution that the
   CERT/ENTITIES rules also produce as part of their operational
   semantics.
+  The same certificate-deposit logic now exists in two places --
   inside the DELEG/POOL/GOVCERT sub-rules of CERT, and inside
   updateCertDeposit in Utxo.lagda.md.
+  Any drift between the two is a soundness problem, since it would
   admit transactions whose UTxO-side balance equation accepts but
   whose actual CertState evolution doesn't balance.  The note states
   the consistency obligation as a lemma to be discharged alongside
   LEDGER-pov.

added:
* github:IntersectMBO/cardano-db-sync/ef00c76513947b356b81505ca3792b89322bd792#packages.x86_64-linux."cardano-db-sync:exe:cardano-db-sync"
* github:IntersectMBO/cardano-db-sync/ef00c76513947b356b81505ca3792b89322bd792#packages.x86_64-linux."cardano-db-tool:exe:cardano-db-tool"
* github:IntersectMBO/cardano-db-sync/ef00c76513947b356b81505ca3792b89322bd792#packages.x86_64-linux."cardano-smash-server:exe:cardano-smash-server"
* github:IntersectMBO/cardano-db-sync/ef00c76513947b356b81505ca3792b89322bd792#packages.x86_64-linux.cardano-smash-server-no-basic-auth

Signed-off-by: cryptodj413 <[email protected]>

ChainSel must not select a chain that includes a CertRB whose certified
EB closure is not locally available; otherwise 'resolveLeiosBlock'
crashes when the block-add path tries to recover the closure.

Wire-up:
- 'CDB' carries 'cdbLeiosDbHandle :: LeiosDbHandle m' so ChainSel can
  read the closure cache on the block-add hot path without threading
  the snapshot through every caller.
- 'chainSelectionForBlock' reads 'readCompletedClosures' on each
  iteration; the read is O(1) (TVar) so this is cheap.
- New 'ignorePendingCertRBs' wrapper around 'lookupBlockInfo'.  Mirrors
  the existing 'ignoreInvalid' wrapper.  Both lookup paths
  ('lookupBlockInfo'' and 'succsOf'') filter against the same set.

Filter body itself is a stub:
'computeCertRBsWithPendingEbClosures' returns 'Set.empty'.  The real
implementation walks the VolatileDB forward from the immutable tip and,
for each header satisfying 'headerIsCertRB', extracts the certified
'EbHash' from the parent's 'headerEbAnnouncement' and checks it against
'readCompletedClosures'.  Lands in the next step of the late-join
workstream.

'Node.hs' / 'Test/ThreadNet/Network.hs' pass the handle to
'openChainDB'; no more 'LeiosOutstanding' MVar lifting.

Bumps [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) from 2.55.0 to 2.60.1.
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/[email protected]/packages/kit)

---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.60.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

Add 'readCompletedClosures :: m (Set EbHash)' to 'LeiosDbHandle'.  The
handle owns a TVar; ChainSel will read it on the block-add hot path
(O(1) 'readTVarIO').

Seed at construction:
- SQLite: 'SELECT ebHashBytes FROM ebs WHERE missingTxCount IS NOT
  NULL AND missingTxCount <= 0'.  Covers both "just completed" (0)
  and "completed and notified" (-1); both states mean the closure is
  in the DB.  Run on a short-lived connection that also guarantees
  schema initialisation before any 'open'-ed connection later.
- In-memory: derive from 'imTxs' / 'imEbBodies' via the same
  predicate the insert paths use.

Update inside the existing insert paths:
- Both SQLite insert paths share a 'findAndMarkCompletedEbs' helper
  inside the BEGIN and a 'notifyAndCacheCompleted' helper after
  COMMIT.  The notify+cache step pushes the just-transitioned
  closures into the cache.
- In-memory insert paths do the same update inside their STM
  transaction, so the state mutation and the cache update are
  atomic.

'LeiosDemoLogic.msgLeiosBlock' now also emits
'TraceLeiosBlockTxsAcquired' for closures completed by a body
insert (not just tx inserts), matching the symmetry the cache update
exposes.

Cache is unbounded for now; future work caps it to a k-window with
DB query on miss.  See 'readCompletedClosures' TODO and the
late-join plan.

ChainSel needs two header-level queries to identify CertRBs whose
certified EB closure is not locally available: 'headerIsCertRB' on
the candidate header, and 'headerEbAnnouncement' on its parent.

Add both methods to 'ResolveLeiosBlock' without defaults: a silent
'False' / 'Nothing' default would let a future block-type author
forget to override, and ChainSel would silently degrade to "never
filter a CertRB" without a compile error.  Every instance now
defines all three methods.

The Praos Shelley instance reads 'hbIsCertRB' / 'hbMayEbAnnouncement'
off the body.  Cardano dispatches to Conway for both methods.  Every
other instance (Byron, mock, test, single-era HFC wrappers) spells
out the "never a CertRB" stance explicitly.

Add 'hbIsCertRB' to 'HeaderBody' (and mirror on 'HeaderView') for the
CIP-0164 header bit signalling that this RB certifies a
previously-announced EB.  Thread the bit through 'mkHeader' (Praos
and TPraos; the latter ignores it) and the Shelley forge path.

Encode canonically: every header is len=12 carrying
@(Bool, Maybe EbAnnouncement)@.  Decode still accepts len=10
(pre-Leios) and len=11 (announcement-only) for back-compat with
existing on-disk data; new encodings never produce those shapes.
Two valid encodings for the same logical header would have made
hashing / signature over the encoded form non-canonical.

Per-header cost: one byte for the Bool plus one for the
Maybe-Nothing tag when no announcement is present.

Parameterise runThreadNet over NodeJoinPlan and add a new property
that starts node 3 at a random slot while nodes 0-2 run from slot 0.
Demonstrates the crash in 'resolveLeiosBlock' when a late-joining
node encounters a CertRB referencing an EB it never received.

The fix lives later in the workstream; this commit just makes the
gap visible.