Cardano Updates

`applyDirectDeposits` uses `∪⁺` (union-with-addition) on the `rewards`
map, so a credential not present in `RewardsOf certState₂` is added as a
new entry rather than rejected.  The pre-existing SUBUTXO/UTXO premise
`dom (DirectDepositsOf tx) ⊆ dom (AccountBalancesOf Γ)` only checks
against the pre-batch balances `RewardsOf certState₀`, so it does not
catch the case where a credential is registered pre-batch, deregistered
during `CERTS`, and direct-deposited to in the same batch.  Without the
new premise, the resulting `certStateFinal` is internally inconsistent:
the credential has a positive `rewards` entry but no corresponding
`voteDelegs`, `stakeDelegs`, or `deposits` entry — effectively re-
registering the credential without a key deposit.

Add the phase-1 premise

    dom (allDirectDeposits tx) ⊆ dom (RewardsOf certState₂)

to `LEDGER-V` to rule this out.  Filtering `allDirectDeposits tx` by
`dom (RewardsOf certState₂)` would be an alternative, but it would
silently destroy user funds when a deposit and a deregistration race in
the same batch.  The premise is symmetric to (and complements) the
existing pre-batch SUBUTXO/UTXO check.

Update `Ledger/Properties/Computational.lagda.md` for the new premise,
and pass `UTxOStateOf s₁` explicitly to `computeUtxow` in the LEDGER
valid branch (the previous `_` resolved by chained unification through
the LEDGER-V constructor, which was fragile and obscured intent).

TODO: fix `Ledger/Properties/Computational.lagda.md`; it's choking on
the new premise.

# Conflicts:
#	mkdocs.yml

* refactor: remove unused recharts and busboy deps; relocate swagger CSS

- Delete src/components/ui/chart.tsx (recharts wrapper, zero consumers)
- Remove recharts from dependencies
- Remove busboy and @types/busboy (formidable is the actual uploader)
- Move swagger-ui CSS imports out of _app.tsx into api-docs.tsx

* refactor(react): use signer address as stable key in ReviewSignersCard

Replaces array index with signer address (which is unique and stable across reorder/edit) on both desktop TableRow and mobile card view, preventing form-state misalignment when signers are removed or reordered.

* ci: add PR checks workflow, basic security headers, env comment

- Add .github/workflows/pr-checks.yml (lint/typecheck/test/build, continue-on-error initially)
- Add basic security headers in next.config.js (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy). CSP and HSTS intentionally omitted.
- Add comment to src/env.js explaining why NextAuth env vars are commented (PrismaAdapter only, no providers configured)

* chore: add typecheck, format, format:check scripts

Used by .github/workflows/pr-checks.yml and developer workflow.

- typecheck: tsc --noEmit
- format: prettier --write .
- format:check: prettier --check .

* chore: refresh package-lock.json after recharts/busboy removal

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

* fix: keep swagger-overrides.css in _app.tsx (Next requires global CSS at root)

Reverts only the swagger-overrides.css move from commit 4abe300. The
swagger-ui-react/swagger-ui.css import (from node_modules) remains
local to api-docs.tsx, so the original goal of keeping that bundle
out of every page is still achieved.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>