feat: add lock / unlock functionality to agg_bridge for native miden assets

[partylikeits1983]

Closes #2700. Adds a lock/unlock path for Miden-native tokens to the AggLayer bridge, mirroring PolygonZkEVMBridgeV2.claimAsset()'s handling of originNetwork == networkID.

The bridge no longer needs to be the faucet's owner to support it, so user-created faucets are now bridgeable once the bridge admin registers them via a CONFIG_AGG_BRIDGE note with is_native = true. Registration is still admin-gated (register_faucet is caller-restricted); what changed is the ownership requirement.

Approach

Native faucet branch, end-to-end:

• Bridge-out: if is_native, call lock_asset → native_account::add_asset to park the asset in the bridge's own vault. No BURN note is emitted.
• Bridge-in: if is_native, call unlock_and_send → native_account::remove_asset + p2id::new to emit a P2ID note to the recipient. No MINT note, no faucet ntx. PROOF_DATA_KEY is used as the serial number so the note commitment is deterministic per claim.
• LET leaf construction and the existing non-native burn/mint flow are untouched.

Metadata moved to the bridge. All three FPI calls from the bridge into the faucet (asset_to_origin_asset, get_metadata_hash, get_scale) are replaced with bridge-local reads out of a new faucet_metadata_map.

A single map with four faucet-ID-keyed sub-keys holds everything:

Sub-key	Value
[0, 0, fid_s, fid_p]	[addr0, addr1, addr2, addr3]
[1, 0, fid_s, fid_p]	[addr4, origin_network, scale, 0]
[2, 0, fid_s, fid_p]	[mh_lo0..3]
[3, 0, fid_s, fid_p]	[mh_hi0..3]

faucet_registry_map is extended from [1, 0, 0, 0] to [1, is_native, 0, 0], which is backward-compatible since existing entries have is_native = 0 implicitly. CONFIG_AGG_BRIDGE carries the full metadata payload at registration (split across two calls to fit the 16-element stack).

AggLayer faucet slimmed. With metadata on the bridge, the faucet's conversion-info / metadata-hash slots and its asset_to_origin_asset / get_metadata_hash / get_scale procs are dead code. Removed: the AggLayerFaucet component now only re-exports mint_and_send + burn on top of Ownable2Step + OwnerControlled. A Miden-native faucet which wants to integrate with Agglayer, now is just a plain network fungible faucet, no AggLayer-specific storage or FPI surface needed.

Follow-ups

Not in this PR; filing separately per @bobbinth's comments in the original issue for this PR:

• Collapse faucet_registry_map into faucet_metadata_map by parking is_native in sub-key 1's 4th limb. Needs a new presence check (origin-address-word non-zero) before landing.
• Store the EVM token name on-chain (AggLayer: store token name in faucet storage #2585).
• Verify the metadata hash on-chain (AggLayer: onchain verification of metadata hash during faucet registration #2586).

[Fumuran]

Looks good, thank you!
It is a partial review, for now I only reviewed masm code. Mostly formatting suggestions and code optimizations

[Fumuran]

Rust part looks great, thank you! I left just one question inline

[partylikeits1983]

@Fumuran I went with your suggestion, and packaged ConfigAggBridgeNote::create's six faucet-metadata parameters into a new ConversionMetadata struct with a to_elements() helper.

Separately, extracted build_mint_output_note, unlock_and_send, and their MINT/UNLOCK memory constants from bridge_in.masm into a new bridge_in_output.masm module (otherwise bridge_in.masm was getting too big), and updated the SPEC reference accordingly.

[Fumuran]

Looks great! For now (I see that currently PR is in draft mode) I have just one small masm-related comment.

[partylikeits1983]

@mmagician this is ready for another look. Andrey's comments are all addressed and resolved.