Brings the nullifier-based wallet balance fetch (NullifierIndex,
sync_updates_via_nullifiers) onto the vpk-binding base, so account
updates are found by nullifier rather than only by view tag.
Conflict resolutions (semantic):
- wallet/lib.rs: keep vpk-binding's for_private_account(npk, vpk, kind);
add theirs' nsk into the 4-tuple consumed by index.track().
- wallet/storage/key_chain.rs: keep theirs' private_account/private_accounts
split (the iterator is reused by the nullifier index) and restore the vpk
in the derivation; adapt 4 pre-vpk call sites (for_private_account 2->3 arg,
AccountId::from((npk,id)) -> (npk,vpk,id)).
- artifacts/*: took ours; regenerate with `just build-artifacts`.
* initialize pq encryption changes
* key agreement update
* add test and other fixes
* ci fixes
* fix unit tests
* updates from main and ci
* added updated specs for pq encryption
* addressing comments
* addressed comments
* fix clippy errors from main merge
* Rebased to main
BREAKING CHANGE:
- Crate `nssa` renamed to `lee`; update `Cargo.toml` dependencies from `nssa = { workspace = true }` to `lee = { workspace = true }`.
- Crate `nssa_core` renamed to `lee_core`; update similarly.
- Crate `key_protocol` moved under `lee`; update `Cargo.toml` dependencies from `key_protocol = { workspace = true }` to `lee_key_protocol = { workspace = true }`.
- Type `NSSATransaction` (in `common`) renamed to `LeeTransaction`.
- Error type `nssa::error::NssaError` renamed to `lee::error::LeeError`.
- Error type `nssa_core::error::NssaCoreError` renamed to `lee_core::error::LeeCoreError`.
- All `use nssa::` and `use nssa_core::` import paths must be updated to `use lee::` and `use lee_core::` respectively.
- Guest programs must replace `write_nssa_outputs` with `write_lee_outputs`.
- The sequencer RocksDB column family for the chain state was renamed. Existing databases are incompatible and must be wiped before running the new version.
- Domain separators updated: `"NSSA_seed"` → `"LEE_seed"` (key derivation), `"NSSA/v0.2/KDF-SHA256/"` → `"LEE/v0.2/KDF-SHA256/"` (encryption KDF), `"/NSSA/v0.2/AccountId/PDA/"` →
`"/LEE/v0.2/AccountId/PDA/"` (public PDA address derivation). All previously derived keys, encrypted outputs, and public PDA addresses are invalidated.