Cardano Updates

release-cabal-version (set by scripts/release/release-candidate.sh:42)
strips the leading 0. from the cabal version field, so the sanity
check needs to do the same to avoid spuriously failing every run.

Caught by self-test against PR #5274.

Catches stale Cachix substitutions and broken checkouts at build
time rather than during verify-artifacts. Two new steps in the
build-artifacts job:

1. Sanity-check checkout: assert the working tree's HEAD and the
   wallet cabal version both match the values produced by the
   prepare job, so a mis-checked-out runner cannot enter the build.

2. Smoke test built artifact: assert the result/ archive's
   filename contains the expected git tag, then extract and
   assert the binary's `version` output contains it too. Skipped
   for the docker-image entry and for Windows (no wine on the
   builder; verify-artifacts still covers it).

Refs cardano-foundation/cardano-wallet#5273.

The signedTx wrapping in Cardano.Wallet went through
toCardanoApiTx -> inAnyCardanoEra -> sealedTxFromCardano purely to
smuggle the already-ledger tx back through cardano-api. Use the
existing ledger-native sealWriteTx from Transaction.Ledger instead
(now exported). Drops the two cardano-api bridges inAnyCardanoEra and
sealedTxFromCardano from this module.

Also refresh the sealWriteTx haddock (the function has been ledger-
native since the last revamp; the stale comment claimed otherwise).

Mirror the TransactionsNew.hs:getMetadataFromTx port: project metadata
directly from Read.Tx era via Meta.getMetadata . Meta.getEraMetadata
instead of round-tripping through cardano-api. Drops the two callers
of cardanoTxIdeallyNoLaterThan in this file and the Cardano.Api /
ApiEra qualified imports.

Server.hs carried a local copy of sealWriteTx that re-entered
cardano-api (toCardanoApiTx + sealedTxFromCardano) to wrap an already
ledger-native balanceTx result. Import the ledger-native sealWriteTx
from Transaction.Ledger instead; the local helper goes away. Two call
sites now pass Write.recentEra explicitly.

Drops the cardano-api bridges cardanoEraFromRecentEra, toCardanoApiTx
and W.sealedTxFromCardano from this module's imports.

The function has been an ADP-3077 TODO stub (error "...") for a long
time; the commented-out cardano-api body still referenced
getSealedTxBody and sealedTxFromCardanoBody, which blocks their
removal. Drop the dead block and note that a future implementation
should operate on Read.Tx era via reqSignerHashesTxBodyL.

Enumerates every remaining caller of the deprecated surface after
#5271: production (Cardano.Wallet.hs, Server.hs), old tx builder
(Shelley/Transaction.hs, partially overlaps with #5243), integration
tests (Shared/Transactions.hs, addRequiredSigners in TransactionsNew)
and unit tests (TransactionSpec, TransactionLedgerSpec).

Organises the work into three phases:
  A. reachable without #5243 (4 sites)
  B. unit-test migration (~20 sites, two files)
  C. delete the bridge functions and the three Cardano.Api*
     imports in SealedTx.hs

Catches stale Cachix substitutions and broken checkouts at build
time rather than during verify-artifacts. Two new steps in the
build-artifacts job:

1. Sanity-check checkout: assert the working tree's HEAD and the
   wallet cabal version both match the values produced by the
   prepare job, so a mis-checked-out runner cannot enter the build.

2. Smoke test built artifact: assert the result/ archive's
   filename contains the expected git tag, then extract and
   assert the binary's `version` output contains it too. Skipped
   for the docker-image entry and for Windows (no wine on the
   builder; verify-artifacts still covers it).

Refs cardano-foundation/cardano-wallet#5273.

Introduce sealedTxFromLedgerTx :: Read.IsEra era => Read.Tx era -> SealedTx.
Serialises via Read.serializeTx (ledger-native) and wraps in EraValue
without any cardano-api involvement.

Migrate sealWriteTx in Transaction.Ledger.hs to use the new
constructor, pattern-matching on RecentEra to witness the era.
Removes the toCardanoApiTx -> sealedTxFromCardano' roundtrip,
dropping the Cardano.Api.Extra import from that module.

Step 2a of SealedTx decommission plan.

Replace cardano-api round-trip with direct Read.Tx era projection via
Meta.getMetadata . Meta.getEraMetadata. Drops the four callers of
cardanoTxIdeallyNoLaterThan in this file (the cardano-api re-decode
was only used to feed getTxBody/txMetadata).

No behavioural change: the ledger metadata path is what Server.hs and
DB.TransactionInfo already use.

Introduce sealedTxWitnessCount :: SealedTx -> Int, counting VKey
plus bootstrap witnesses via 'addrTxWitsL'/'bootAddrTxWitsL' on the
stored 'EraValue Read.Tx'. Byron txs counted as 0 (wallet doesn't
construct them through SealedTx).

Migrate Server.hs's two 'length $ getSealedTxWitnesses sealedTx'
sites (redeemer and witness accounting) to use it. Drops
'getSealedTxWitnesses' from Server.hs's import list.

Step 2b of SealedTx decommission plan.

Replace cardanoTxInExactEra (cardano-api path) with
deserializeTx (ledger-native) in the redeemer-bearing
partial tx parser. Pattern-matches on RecentEra era so
the era singleton witnesses the target ledger type.

One fewer caller of cardano-api's
'deserialiseFromCBOR / InAnyCardanoEra Cardano.Tx' path.
'fromCardanoApiTx' → direct use of 'Read.Tx era' unwrapped
into 'Write.Tx era'.

Five-step plan to remove the three remaining Cardano.Api imports from
lib/primitive/lib/Cardano/Wallet/Primitive/Types/Tx/SealedTx.hs by
eliminating the bridge functions (cardanoTxIdeallyNoLaterThan,
cardanoTxInExactEra, sealedTxFromCardano*, getSealedTxBody,
getSealedTxWitnesses, cardanoApiTxToReadTx).

Replace the cardano-api path
(SealedTx → unsealShelleyTx → TxInMode → toConsensusGenTx → GenTx)
with a direct ledger-native path
(SealedTx → unsafeReadTx :: EraValue Read.Tx → consensusGenTxFromTxRecent → GenTx).

The stored 'EraValue Read.Tx' already knows its era, so the
separate 'readCurrentEra' query is no longer needed, and
'TxInMode' / 'toConsensusGenTx' / 'unsealShelleyTx' /
'UnsealException' all become unused.

Deletes:
  - Cardano.Wallet.Primitive.Ledger.Shelley.unsealShelleyTx
  - Cardano.Wallet.Primitive.Ledger.Shelley.UnsealException
  - cardano-api 'TxInMode' import in primitive
  - cardano-api 'toConsensusGenTx' import in network-layer

Adds 'unsafeReadTx' to the re-export of 'SealedTx' in
Cardano.Wallet.Primitive.Types.Tx. Step 1 of SealedTx decommission
plan. One fewer caller of 'cardanoTxIdeallyNoLaterThan'; the
submission path no longer touches cardano-api.

Replace compareOnCBOR's roundtrip through cardano-api
(cardanoTx → Cardano.serialiseToCBOR) with the raw bytes
already stored in SealedTx.serialisedTx. Identical
comparison outcome, one fewer caller of
cardanoTxIdeallyNoLaterThan. Step 1 of SealedTx
decommission plan.

Following the migration of parsePartialTx to deserializeTx,
cardanoTxInExactEra has no external callers. Remove it along
with the now-redundant Data.Data import in SealedTx.hs.

## Summary

Remaining call-site migration after #5270 merged. This branch is rebased
directly onto current `master` and contains the commits that switch
existing wallet call sites onto the ledger-native surfaces introduced by
#5270.

Base branch: `master`.
Follow-ups: #5271, then #5272.

## What is in this PR

| # | SHA | Purpose |
|---|---|---|
| 1 | `84bd668` | Use `constructUnsignedTxLedger` in `balanceTx` paths |
| 2 | `4c8b61b` | Replace `AnyCardanoEra` with `Read.EraValue` in
NetworkLayer |
| 3 | `55097e6` | Build delegation and voting certificates in
`balanceTx` paths |
| 4 | `f5b8ed2` | Replace `StakeAddress` with wallet-owned
`RewardAccount` |
| 5 | `26bad3e` | Migrate `TxMetadata` end-to-end to wallet-owned types
|
| 6 | `d543a6b` | Adapt singleton network conversions to #5270's
`sNetworkIdToLedger` helper |

The foundation work previously described here landed in #5270. In
particular, the wallet-owned `NetworkId`, `TxMetadata`, `SealedTx`,
ledger-native transaction builders, certificate helpers, and witness
helpers are now part of `master`.

## What this PR does not do

- It does not delete the remaining cardano-api bridges.
- It does not remove `cardano-api` from cabal files.
- It does not delete `lib/cardano-api-extra/`.
- It does not finish the `SealedTx` decommission; that remains split
across #5271 and #5272.

## Test plan

- [x] Rebased cleanly onto `origin/master` after #5270 merged
(2026-04-25).
- [x] `nix develop --command cabal build cardano-wallet
cardano-wallet-api cardano-wallet-unit:unit --enable-benchmarks
--enable-tests --minimize-conflict-set -O0 -v0`
- [ ] CI green on the rebased tip.

Note: `just build 'cardano-wallet cardano-wallet-unit:unit'` reaches
unrelated `cardano-wallet-read` deprecation/unused warnings promoted by
`-Werror` on this branch; the same target without `-Werror` passes.