Cardano Updates

- ComputeCommittee now errors when the coverage target is unreachable
  (pool stake sum below sigma_c of total active stake) instead of
  returning a partial committee
- NewVoterRegistry rejects non-28-byte pool key hashes and duplicate
  entries that normalize to the same pool hash
- LoadVoteSigningKeyFile rejects oversized key files instead of
  silently truncating, and reuses keystore.CheckOpenFilePermissions
  (newly exported) so Windows gets the real DACL check instead of a
  no-op; the leios-local permission shims are removed
- VerifyVoteSignature subgroup-checks the public key for callers
  outside the package
- Vote store prunes expired entries before the dedup check so a stale
  vote id cannot block a fresh vote after TTL
- NextVotes persists the per-connection cursor only on successful
  delivery so aborted waits do not skip undelivered votes
- WithLeiosVoterPublicKeys copies the caller's map

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

Implement the CIP-0164 (post cardano-foundation/CIPs#1196) stake-based
voting committee model in a new ledger/leios package:

- Committee selection: order pools by active stake descending (pool key
  hash ascending on ties), select until cumulative coverage reaches the
  CommitteeStakeCoverage (sigma_c) parameter, and assign stable voter_id
  indexes. The committee derives from the same epoch-2 stake snapshot
  cadence as Praos leader election and is memoized in memory.
- Stake quorum: votes must represent at least QuorumStakeThreshold (tau)
  of total active stake, evaluated with exact rational arithmetic. The
  tau < sigma_c invariant is revalidated wherever parameters are read.
- Votes: one uniform vote per endorser block per voter (slot_no, EB
  hash, voter_id, BLS signature). Real BLS12-381 MinSig sign/verify/
  aggregate via gnark-crypto, with lenient verification pending CIP-0164
  key registration: a static config registry (leiosVoterPublicKeys)
  supplies voter public keys, and votes from unknown voters count toward
  observed stake but never toward certificates.
- Certificates: signers bitfield plus one aggregated BLS signature
  (gouroboros LeiosEbCertificate), built only from verified votes once
  verified stake meets tau, announced via a new leios.eb_quorum event.
  Validation is exposed but not yet wired into block validation; the
  Dijkstra CDDL leios_cert slot is still an upstream placeholder.
- VoteManager: TTL-bounded in-memory vote store with per-(slot, voter)
  dedup (first vote wins on equivocation), per-connection serving
  cursors for the exactly-count LeiosVotes protocol semantics, local
  vote emission for block producers with a leiosVoteSigningKeyFile, and
  pruning on chain rollbacks and epoch transitions.

The LeiosVotes/LeiosFetch protocol handlers now delegate to the vote
manager through a LeiosVoteHandler interface, the LeiosVotes client is
started on outbound connections, and storing an endorser block triggers
local vote emission.

Fixes #2424

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Chris Guiney <[email protected]>

Add the child-before-parent handling to leiosAddBlockListener. Two ChainSync
clients can interleave their AddBlock writes, so a CertRB can enter chain
selection before the RB that announced its EB. When that happens the CertRB's
own listener pass finds no cached announcement and cannot read the EB hash to
hold it back, so the block would be selected with a closure it does not have.

A new reverse index, certRbsByAnnouncer, maps an announcer's header hash to the
CertRB children that certify the EB it announced, kept only for CertRBs whose
announcer had not been added when they arrived. recordIfOrphan files such a
CertRB there. When its announcer is later added, sweepOrphanedCertRbs reads the
entry, drops it, and holds each child back if the announced EB's closure is
still missing. The listener runs the sweep for every block, since any block may
be an announcer.

The map holds only CertRBs whose announcer has not arrived yet: the entry is
dropped as soon as the announcer is added, and once the announcer is cached its
later children take the direct path. gcPruner does not touch it.

This changes no behaviour: nothing registers the listener yet. The
ouroboros-consensus library builds under -Werror.

Add leiosAddBlockListener, the per-block bookkeeping update for the late-join
feature. ChainDB will run it synchronously, in STM scope, between writing a
block to the VolatileDB and running chain selection on it. Sharing the
transaction that adds the block closes the window an asynchronous listener would
leave: there is no moment when the block is in the VolatileDB but absent from
this state, so a closure arriving "in between" cannot strand the block.

For every block the listener records the slot and announced EB point in
headerAnnouncementsCache. For a CertRB whose certified EB closure is not yet
local, it adds the block to announcementsMap so getBlockedCertRBs holds it back.
The certified EB hash comes from the parent's cached announcement, not from the
block itself: a CertRB certifies the EB its parent announced (CIP-0164).

Two helpers carry the work: parentAnnouncement reads the parent's announced EB
hash from a cache snapshot, and blockCertRbIfClosureMissing inserts into
announcementsMap only when the closure is still missing.

This changes no behaviour: nothing registers the listener yet, so it does not
run. The ouroboros-consensus library builds under -Werror.

* feat(blockfrost): expose Conway-era protocol parameters in epoch endpoints

Signed-off-by: cryptodj413 <[email protected]>

* fix(blockfrost): address review

Signed-off-by: cryptodj413 <[email protected]>

---------

Signed-off-by: cryptodj413 <[email protected]>