feat: Add node integration, TRP-gated auth, CIP-8 verification

- Node integration endpoints:
  - GET /v1/address/{address}/utxos - query UTxOs directly from node
  - POST /v1/tx/submit - submit signed transactions
  - GET /v1/protocol-params - current epoch protocol parameters

- TRP-gated permissionless API keys:
  - POST /v1/auth/challenge - get nonce for wallet signing
  - POST /v1/auth/verify - verify CIP-8 signature, issue key based on TRP balance
  - POST /v1/auth/refresh - re-check TRP balance and update tier
  - Background task: hourly tier refresh for all TRP-gated keys

- Tier thresholds: 50+ TRP = standard, 500+ TRP = elevated
- TX submit rate limits: anonymous=blocked, standard=2/min, elevated=10/min
- Added pycardano, cbor2, PyNaCl dependencies
- Updated Dockerfile with cardano-cli binary

Dockerfile

@@ -1,6 +1,36 @@
 FROM python:3.12-slim
+
+# Install dependencies for cardano-cli
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    ca-certificates \
+    libsodium23 \
+    libsecp256k1-1 \
+    libnuma1 \
+    && rm -rf /var/lib/apt/lists/*
+
+# Download and install cardano-cli
+# Using the official release from cardano-node 10.4.1 (compatible with current network)
+ARG CARDANO_CLI_VERSION=10.4.1
+RUN curl -L "https://github.com/IntersectMBO/cardano-node/releases/download/${CARDANO_CLI_VERSION}/cardano-node-${CARDANO_CLI_VERSION}-linux.tar.gz" \
+    -o /tmp/cardano-node.tar.gz && \
+    mkdir -p /tmp/cardano && \
+    tar -xzf /tmp/cardano-node.tar.gz -C /tmp/cardano && \
+    cp /tmp/cardano/bin/cardano-cli /usr/local/bin/ && \
+    chmod +x /usr/local/bin/cardano-cli && \
+    rm -rf /tmp/cardano /tmp/cardano-node.tar.gz
+
+# Verify cardano-cli installation
+RUN cardano-cli --version
+
 WORKDIR /app
+
+# Install Python dependencies
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application
 COPY . .
+
+# Run with uvicorn
 CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8765", "--workers", "2"]