fix: verify and close PM-22024 default wallet seed audit finding

[m2ux]

Summary

Verify and formally close the Least Authority audit finding (A2 Issue D) regarding the Default implementation on WalletSeed that produced an all-zero seed. The core fix was merged in PR #804; this PR adds a compile-time regression test preventing re-introduction.

🎫 Ticket 📐 Engineering 🧪 Test Plan

---

Motivation

The Least Authority Node DIFF Audit (Feb 2026) identified that WalletSeed::default() returned Self::Medium([0; 32]) — a deterministic all-zero seed that could lead to predictable wallet key material and recoverable secret keys. This was classified as High severity.

PR #804 removed the Default impl and replaced the single internal placeholder usage with an explicit initializer. Code analysis confirms the fix is complete: the placeholder WalletSeed::Short([0; 16]) in ClaimMintInfo::from_context() is always overwritten by set_rewards() before build() uses it for key derivation. The Least Authority auditor (Mirco) confirmed the fix.

---

Changes

• Regression test — compile_fail doctest on WalletSeed verifying .default() does not compile (E0599), preventing re-introduction of the vulnerability. Runs for both ledger_7 and ledger_8 module variants.
• Change file — Changelog entry documenting the audit verification.

---

📌 Submission Checklist

• Changes are backward-compatible (or flagged if breaking)
• Pull request description explains why the change is needed
• Self-reviewed the diff
• I have included a change file, or skipped for this reason: included
• If the changes introduce a new feature, I have bumped the node minor version
• Update documentation (if relevant)
• No new todos introduced

---

🔱 Fork Strategy

• Node Runtime Update
• Node Client Update
• Other
• N/A

---

🗹 TODO before merging

• Regression test passes (2/2 compile_fail doctests + 16 unit tests)
• Verification evidence posted to PM-22024
• Auditor acknowledged fix
• Ready for review