Cardano Updates

- Structure: Separates cost models from the rest of the parameters.
- Consistency: Shelley genesis is the full object, no only the "protocolParams" field.
- Consistency: Uses everywhere an object for the cost model, no arrays.
- Cost model names are updated.

Were removed when the node started only considering valid what mainnet shipped with

The pool relays were wrote into the Shelley genesis (via `pool-relays.json` and `cardano-cli ... --relays` / `--relay-specification-file`) are only consumed by ledger-peer discovery.

With ledger peers off and `publicRoots` empty, the relay records in genesis are never read.

Every workbench topology disables it:
- the supervisor (local / 127.0.0.1) backend gets `useLedgerAfterSlot: -1` from `cardano-topology projection-for`.
- the Nomad backend hardcodes the same value (nix/workbench/backend/nomad-job.nix).

Was converging to `create-staked` output, keep `create-testnet-data` layout:
- pools-keys/poolN/{cold,kes,vrf,opcert}.{skey,vkey,cert,counter}
- stake-delegators/delegatorN/{payment,staking}.{skey,vkey}
- drep-keys/drepN/drep.{skey,vkey}
- utxo-keys/utxoN/utxo.{skey,vkey}
- genesis-keys/genesisN/key.{skey,vkey}
- delegate-keys/delegateN/{key,kes,vrf,opcert}.{skey,vkey,cert,counter}
- byron-gen-command/

Normalises genesis files names. Every era's genesis file is now genesis.<era>.json everywhere:
- genesis.byron.json
- genesis.shelley.json
- genesis.alonzo.json
- genesis.conway.json
- genesis.dijkstra.json

Details:
- create-testnet-data drops its symlink-creation block and the `link_keys` helper (no longer needed under the native layout).
- Removes `Massage_the_key_file_layout_to_match_AWS`, `key_depl` and `key_genesis`.

Genesis file names are unchanged here.

Replaces 'cardano-cli byron genesis genesis'.

This introduces changes to the cache output so the directory entry now has the "v2" suffix.

Removes genesis-byron-{jq,modular} and the genesis-byron dispatcher.

Use GenesisVerifier::try_from_hex and signer.create_verifier, drop the removed
ensure_supports_era calls, and return a typed LegacySigningKey error on offline sign.

The pool_relay encoder serialized the unsigned Word16 port as a signed
int2, so relay ports above 32767 wrapped to negative values
(port - 65536). The pool_relay.port SQL column is int4, so the wrapped
value was stored verbatim.

- Encode the port as int4 to match the column and preserve the full
  0-65535 range.
- Add migration-2-0049 to repair already-stored rows by adding 65536 to
  every negative port (no-op on a clean or freshly synced database).
- Add a cardano-db IO regression test that inserts a relay with port
  41950 and asserts it round-trips (fails with the old int2 encoder,
  reading back -23586).
- Give the chain-gen test relay a port > 32767 so the end-to-end pool
  path also exercises the full range.

Validate the rigid protocol message in the genesis producer and signer so a missing SNARK aggregate verification key fails fast instead of signing zeros.

Route the certificate hash migrator through 'Certificate::try_compute_hash'
so a serialization error surfaces instead of crashing the migration.

'check_rigid_integrity' is a no-op on legacy messages, so guard with 'is_rigid' to avoid signing an unintended preimage from the wrong message variant.

Compute the hash with 'try_compute_hash' and propagate serialization errors instead of relying on a construction-time panic, updating the genesis producer and certifier callers.

Add fallible 'Certificate::try_compute_hash' and route certificate
verification through it, so a serialization error surfaces instead of
panicking. 'compute_hash' stays infallible for construction-time use.