Align runtime tests with canonical metadata.proof schema

[GsCommand]

Motivation

• The runtime has adopted the runtime-core canonical proof shape; tests still asserted legacy proof fields and algorithms and therefore started failing after the migration.
• Update test expectations to the canonical metadata.proof shape (nested canonicalization, hash, and signature) without reverting the canonicalization migration or reintroducing legacy fields.

Description

• Reworked runtime/tests/protocol-v1-1-0.test.mjs to assert metadata.proof.canonicalization, metadata.proof.hash and metadata.proof.signature instead of legacy top-level proof fields, and to validate SHA-256 and Ed25519 algorithm names.
• Updated the schema served by the local test schema host in runtime/tests/runtime-signing.test.mjs to require proof with canonicalization, nested hash (alg + value) and nested signature (alg + value + kid).
• Adjusted runtime-signing assertions to check receipt.metadata.proof.canonicalization, receipt.metadata.proof.hash.alg, receipt.metadata.proof.hash.value, receipt.metadata.proof.signature.alg, receipt.metadata.proof.signature.value, and receipt.metadata.proof.signature.kid, and updated verify-path expectations to read values.canonicalization.
• Replaced legacy presence assertions (e.g. alg, canonical, canonical_id, hash_sha256, signature_b64) with assertions that those legacy fields are absent or not required by the v1.1.0 shape.

Testing

• Ran npm install (network-dependent git fetch failed in this environment due to DNS resolution to github.com).
• Ran npm run check which passed (node --check server.mjs).
• Ran npm test and npm run ci, both of which currently fail because several runtime integration tests still fail; exact failing test names are listed below.

Remaining failing tests (exact names):

• Legacy receipt verification compatibility: v1 receipt still verifies after v2 key added
• Legacy receipt verification compatibility: valid receipt verifies
• boot fails fast without keys unless DEV_AUTO_KEYS=1
• makeReceipt production path emits signed receipts with runtime kid and canonical fields
• /verify accepts both wrapped and bare receipts from the production signing path
• POST /execute dispatches execution.verb to clean and keeps canonical commons receipt entry
• POST /execute normalizes nested execution into the handler body and preserves execution metadata
• POST /execute falls back to top-level verb for summarize
• POST /execute returns JSON 400 when the verb is missing
• POST /execute returns JSON 404 for unknown verbs
• legacy per-verb routes still work after adding POST /execute
• schema validation fails on malformed receipt
• /verify reports a hash/signature failure when a signed production receipt is tampered
• /verify?ens=1 passes with mocked ENS TXT response and preserves current kid behavior
• /verify?ens=1&strict_kid=1 rejects a receipt when ENS publishes a different kid
• /verify surfaces transient timeout failures separately from cryptographic failures
• commons runtime ignores inbound x402 request metadata when building receipts
• fabricated commons execution defaults use canonical execute entry
• full chain clean -> summarize -> classify verifies with schema using commons execution defaults

---

Codex Task