Add Protocol 27 (CAP-71) Soroban authorization support #94

Merged: christian-rogobete merged 6 commits into main from p27-prep on Jun 18, 2026
christian-rogobete (Member) commented Jun 14, 2026

Adds the hand-written Protocol 27 (CAP-71) layer on top of the generated XDR: the new Soroban authorization credential types and delegated account authorization. All additions are additive and opt-in; the legacy SOROBAN_CREDENTIALS_ADDRESS credential remains the default and fully valid.

Credentials and XDR

  • SorobanCredentials models all four arms (source-account, legacy ADDRESS, ADDRESS_V2, ADDRESS_WITH_DELEGATES); fromXdr/toXdr round-trip every arm and fail fast on unknown arms.
  • New SorobanAddressCredentialsWithDelegates, SorobanDelegateSignature, and SorobanDelegateDescriptor, plus forAddressCredentialsV2 and forAddressWithDelegates factories.
  • The address-bound preimage binds the signature payload to the top-level credential address.

Authorization

  • SorobanAuthorizationEntry::buildPreimage and sign() with an optional forAddress that routes a signature into matching top-level or delegate nodes; the credential arm is preserved on write-back.
  • withDelegates tree builder with XDR-byte sorting and within-array duplicate rejection.
  • AssembledTransaction and SEP-45 web auth handle all credential arms; a delegates-only entry passes the send precheck with a void top-level signature.

Hardening

  • Recursive XDR decode is bounded (depth 128) to prevent stack exhaustion from a hostile, deeply nested delegate tree, with fail-closed caps on the tree-walk helpers.

Tooling

  • The agent-skill API-reference generator is added under tools/skill-generator, and the API reference is regenerated.

Defaults and protocol gating

  • The legacy ADDRESS credential remains the default; the new arms are opt-in and only valid on Protocol 27+.

Source compatibility

  • The SorobanCredentials constructor's first parameter was renamed from $addressCredentials to $credentialType (now int|SorobanAddressCredentials). Positional callers are unaffected. Callers that used the named argument addressCredentials: should switch to credentialType: or to the forAddressCredentials() factory: the old named call still compiles but now binds to a different parameter and yields source-account credentials.

Closes #93.
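
An added illustration of the `withDelegates` item in the description above (siblings ordered by encoded bytes, duplicates rejected within one array); it is not the SDK's code. The node shape, `encodeAddress`, `canonicalize` and the length-prefixed stand-in encoding are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical node shape for this example: ['address' => bytes, 'delegates' => node[]].
// Assumption: siblings are ordered by their encoded address bytes, and an address
// may appear once per array (it may still recur in a different array of the tree).
function encodeAddress(string $addr): string
{
    // Stand-in for an XDR opaque<>: uint32 length, bytes, zero padding to 4 bytes.
    return pack('N', strlen($addr)) . $addr . str_repeat("\0", (4 - strlen($addr) % 4) % 4);
}

function canonicalize(array $node): array
{
    $keyed = [];
    foreach ($node['delegates'] as $child) {
        $keyed[] = [encodeAddress($child['address']), canonicalize($child)];
    }
    // strcmp orders raw bytes; sort() in its default mode compares numeric-looking
    // strings as numbers, which is not a byte order.
    usort($keyed, fn(array $a, array $b): int => strcmp($a[0], $b[0]));
    for ($i = 1; $i < count($keyed); $i++) {
        if ($keyed[$i][0] === $keyed[$i - 1][0]) {
            throw new InvalidArgumentException('duplicate delegate address in one array');
        }
    }
    return ['address' => $node['address'], 'delegates' => array_column($keyed, 1)];
}

// Constructed sample tree; the addresses are placeholder byte strings.
$tree = ['address' => 'ROOT', 'delegates' => [
    ['address' => "\x02bb", 'delegates' => [['address' => "\x01aa", 'delegates' => []]]],
    ['address' => "\x01aa", 'delegates' => []],
]];
$sorted = canonicalize($tree);
echo bin2hex($sorted['delegates'][0]['address']), PHP_EOL;

// The same address a second time in the top-level array must be refused.
$tree['delegates'][] = ['address' => "\x01aa", 'delegates' => []];
try {
    canonicalize($tree);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Sorting before signing keeps the signed bytes deterministic regardless of the order in which a caller listed the delegates.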

The generated XDR layer was already at the Protocol 27 commit (55a00d9); this
adds the hand-written layer (#93):

- Soroban credential wrappers now model all four arms (source-account, legacy
  ADDRESS, ADDRESS_V2, ADDRESS_WITH_DELEGATES); SorobanCredentials fromXdr/toXdr
  round-trip every arm (fixing the prior silent data loss) with fail-fast on
  unknown arms; new SorobanAddressCredentialsWithDelegates / SorobanDelegateSignature
  / SorobanDelegateDescriptor classes and forAddressCredentialsV2 /
  forAddressWithDelegates factories
- Arm-aware signing through one preimage builder: SorobanAuthorizationEntry
  buildPreimage, sign() with an optional forAddress that routes into matching
  top-level or delegate nodes, and the withDelegates tree builder (XDR-byte
  sort, duplicate rejection)
- Opt-in authV2 flag on SimulateTransactionRequest and MethodOptions (key
  omitted when false; old RPCs silently ignore it and return legacy entries)
- AssembledTransaction and SEP-45 web auth handle all credential arms;
  delegates-only entries pass the send precheck
- Bounded recursive XDR decode (depth 128) to prevent stack exhaustion from
  hostile delegate trees, with fail-closed caps on the tree-walk helpers
- Tests incl. byte-exact golden vectors and a testnet integration test that
  activates on Protocol 27; documentation and agent-skill updates
- Port the skill API-reference generator into tools/skill-generator and
  regenerate skills/stellar-php-sdk/references/api_reference.md

Legacy ADDRESS remains the default and fully valid; the new arms are opt-in
and only valid on Protocol 27+.

signAuthEntries (AssembledTransaction) and signAuthorizationEntries
(WebAuthForContracts) stamped signatureExpirationLedger only on the direct
signing paths, not before invoking the signing callback, so a callback-signed
entry kept the wrong expiration and was rejected on submission. Stamp the
expiration before the callback, as the direct paths already do.

Also strengthen the Protocol 27 unit tests: assert the stamped expiration on
the callback paths, verify produced signatures against the rebuilt preimage,
and tighten weak assertions.
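
An added sketch of the depth bound described under Hardening and in the commit message above, not code from this PR: a recursive decoder that refuses input nested deeper than 128 levels instead of recursing for as long as the input tells it to. The wire format, the function names and the choice to count the root as depth 0 are assumptions of the example.

```php
<?php
declare(strict_types=1);

// Hypothetical wire format, for this example only (not the CAP-71 XDR layout):
//   node := uint32 id, uint32 childCount, node[childCount]   (big-endian)
const MAX_DEPTH = 128; // the bound named in the PR description

function readU32(string $buf, int &$pos): int
{
    if ($pos + 4 > strlen($buf)) {
        throw new UnexpectedValueException("truncated input at offset $pos");
    }
    $pos += 4;
    return unpack('N', $buf, $pos - 4)[1];
}

function decodeNode(string $buf, int &$pos, int $depth = 0): array
{
    // Fail closed before touching the input: reject, never truncate the subtree.
    if ($depth > MAX_DEPTH) {
        throw new UnexpectedValueException('nesting deeper than ' . MAX_DEPTH);
    }
    $id = readU32($buf, $pos);
    $count = readU32($buf, $pos);
    // A child needs at least 8 bytes, so a larger count cannot be honest.
    if ($count > intdiv(strlen($buf) - $pos, 8)) {
        throw new UnexpectedValueException("child count $count exceeds remaining input");
    }
    $children = [];
    for ($i = 0; $i < $count; $i++) {
        $children[] = decodeNode($buf, $pos, $depth + 1);
    }
    return ['id' => $id, 'delegates' => $children];
}

// Constructed input: a chain of $n nodes, each holding one child except the last.
$chain = fn(int $n): string => str_repeat(pack('NN', 1, 1), $n - 1) . pack('NN', 1, 0);

foreach ([3, 129, 200000] as $n) {
    $pos = 0;
    try {
        decodeNode($chain($n), $pos);
        echo "$n levels: decoded", PHP_EOL;
    } catch (UnexpectedValueException $e) {
        echo "$n levels: rejected (", $e->getMessage(), ')', PHP_EOL;
    }
}
```

The child-count check matters as much as the depth check: without it a single 8-byte node can claim billions of children and drive the loop instead of the stack.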

codecov Bot commented Jun 14, 2026

Codecov Report

❌ Patch coverage is 97.64244% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 92.74%. Comparing base (184f252) to head (376e420).

Files with missing lines                               Patch %   Lines
...ellarSDK/Soroban/Contract/AssembledTransaction.php  93.84%    8 Missing ⚠️
...o/StellarSDK/Soroban/SorobanAuthorizationEntry.php  97.82%    4 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main      #94      +/-   ##
============================================
+ Coverage     92.63%   92.74%   +0.10%     
- Complexity    20806    20960     +154     
============================================
  Files           987      990       +3     
  Lines         49713    50119     +406     
============================================
+ Hits          46050    46481     +431     
+ Misses         3663     3638      -25     

Files with missing lines                               Coverage Δ
...DK/SEP/WebAuthForContracts/WebAuthForContracts.php  78.61% <100.00%> (-0.40%) ⬇️
...Soroban/SorobanAddressCredentialsWithDelegates.php  100.00% <100.00%> (ø)
Soneso/StellarSDK/Soroban/SorobanCredentials.php       100.00% <100.00%> (ø)
...o/StellarSDK/Soroban/SorobanDelegateDescriptor.php  100.00% <100.00%> (ø)
...so/StellarSDK/Soroban/SorobanDelegateSignature.php  100.00% <100.00%> (ø)
Soneso/StellarSDK/Xdr/XdrBuffer.php                    98.83% <100.00%> (+0.15%) ⬆️
Soneso/StellarSDK/Xdr/XdrSorobanCredentials.php        100.00% <100.00%> (ø)
...eso/StellarSDK/Xdr/XdrSorobanDelegateSignature.php  94.18% <100.00%> (+0.13%) ⬆️
...o/StellarSDK/Soroban/SorobanAuthorizationEntry.php  98.01% <97.82%> (+0.40%) ⬆️
...ellarSDK/Soroban/Contract/AssembledTransaction.php  79.34% <93.84%> (+23.34%) ⬆️

... and 2 files with indirect coverage changes

christian-rogobete merged commit 1909e25 into main on Jun 18, 2026
11 checks passed
Development

Successfully merging this pull request may close these issues.

SDK Updates for Protocol 27 Compatibility
