Cardano Updates

Add certificate-based filtering to the watch module, enabling clients
to monitor transactions containing specific certificate types (stake
registration, delegation, pool registration, DRep, etc).

Includes tests using real mainnet delegation tx CBOR data.

The predicate was already derived from start_shard >= total_shards but
its name described the consequence in finalize ("replay no-op") rather
than the state ("shard work is complete"). With the state framing, the
same predicate is meaningful in initialize too: assign the fields
unconditionally from progress, then check is_complete() for the
short-circuit. Removes the special-cased branch that previously set
start_shard = p.total inline.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

- Fix EpochWrapUpV2 docstring: variant index is 42, not 40 (counting
  past EWrapProgress=39, EStartProgress=40, RupdProgress=41).
- Add TODO(wal-compat) block above EpochWrapUpV2 mirroring the V1
  block, so the V3 cutover has the same documented removal trigger
  ("no on-disk WAL row references variant index 42").
- Document is_replay_noop() precondition: must be called after
  initialize(); a freshly-new()'d unit would spuriously report true.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

EpochState had no flag distinguishing "EWRAP not started" from "EWRAP
done, ESTART pending finalize" — both showed `ewrap_progress = None`.
A crash between EWRAP finalize and ESTART finalize left the cursor
behind the boundary block (cursor only advances at ESTART finalize),
so the next live block re-triggered EWRAP for the same boundary. The
replay ran visitors over partially-rotated accounts and panicked at
`PoolDelegatorRetire::apply`'s `unreachable!`.

Add `EpochWrapUpV3` that no longer clears `ewrap_progress` on apply —
the field stays at `Some(total, total)` after EWRAP finalize and is
cleared only by `EpochTransitionV2` at ESTART finalize. That single-
writer invariant makes `committed == total` the unambiguous "EWRAP
done, ESTART pending" marker. `EwrapWorkUnit::initialize` reads it,
sets `start_shard = total_shards` to skip the shard loop, and a new
`is_replay_noop()` accessor lets `finalize` no-op too. The next
boundary trigger falls through to ESTART, which resumes from
`estart_progress.committed` via the existing per-shard path.

V2 stays around `#[deprecated]` for WAL replay of historical rows,
mirroring the V1 → V2 cutover pattern.

Follow-up TODOs left at `PoolDelegatorRetire::apply` and
`DRepDelegatorDrop::apply` for the deeper hardening (read via
`snapshot_at(self.epoch)`; guard schedule on `entity.epoch() ==
Some(self.epoch)`) — the recovery short-circuit removes the known
trigger but the visitor/delta read divergence is still fragile.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Add four Canceled(1270) entries for ParameterChange proposals on
preview that were superseded by 014c32e5...#0 enacted at epoch 1270.
Without these, the proposals would fall through to Unknown and
expire via max_epoch instead of being correctly canceled at 1270,
mismatching DBSync timing.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Add (10, 11) entry to migrate_pparams_version so a v10→v11 boundary
no longer panics in force_pparams_version. Van Rossem is an intra-
Conway-era hardfork (no new pparams, certs, gov actions, or CBOR
shape), so intra_era_hardfork is the correct migration helper.

Ledger-side van Rossem support (V1/V2 cost-model backport, VRF-key
uniqueness in pool registration, reference-input validation update,
strict CostModels validation in PParamsUpdate) is tracked upstream
in pallas issues #752, #753, #754, #755 and is gated on those.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

The endpoint is now deprecated, see also
* https://github.com/blockfrost/openapi/pull/451
* https://github.com/blockfrost/blockfrost-backend-ryo/pull/325

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

The endpoint is now deprecated, see also
* https://github.com/blockfrost/openapi/pull/451
* https://github.com/blockfrost/blockfrost-backend-ryo/pull/325

Register both UTxORPC v1alpha and v1beta service implementations on the
same listener. Clients pick which proto package they call; on the wire
the two are entirely separate gRPC services (utxorpc.v1alpha.* vs
utxorpc.v1beta.*), so no routing logic is needed and v1alpha bytes stay
unchanged.

Layout:
- src/serve/grpc/v1alpha/{query,sync,watch,submit}.rs - moved from
  src/serve/grpc/, imports rewritten to explicit pallas v1alpha paths.
- src/serve/grpc/v1beta/{query,sync,watch,submit}.rs - copies with
  imports swapped to v1beta. The only body divergence is in
  v1beta/query.rs read_utxos, where Datum.original_cbor is
  Option<Bytes> rather than Bytes.
- mod.rs: registers eight server impls (4 services x 2 versions) and
  10 file descriptor sets in tonic reflection.

Cargo.toml: bumps pallas to git rev 0da71c2 to pick up v1alpha and
v1beta proto packages and the v1beta::Mapper.

Drive-by: drop unused _mapper field from SubmitServiceImpl, and remove
two stale commented-out blocks in sync.rs.

Register both UTxORPC v1alpha and v1beta service implementations on the
same listener. Clients pick which proto package they call; on the wire
the two are entirely separate gRPC services (utxorpc.v1alpha.* vs
utxorpc.v1beta.*), so no routing logic is needed and v1alpha bytes stay
unchanged.

Layout:
- src/serve/grpc/v1alpha/{query,sync,watch,submit}.rs - moved from
  src/serve/grpc/, imports rewritten to explicit pallas v1alpha paths.
- src/serve/grpc/v1beta/{query,sync,watch,submit}.rs - copies with
  imports swapped to v1beta. The only body divergence is in
  v1beta/query.rs read_utxos, where Datum.original_cbor is
  Option<Bytes> rather than Bytes.
- mod.rs: registers eight server impls (4 services x 2 versions) and
  10 file descriptor sets in tonic reflection.

Cargo.toml: bumps pallas to git rev 0da71c2 to pick up v1alpha and
v1beta proto packages and the v1beta::Mapper.

Drive-by: drop unused _mapper field from SubmitServiceImpl, and remove
two stale commented-out blocks in sync.rs.