[runtime] Restore runtime-core canonical receipt API ownership

[GsCommand]

Motivation

• Restore canonical receipt construction and verification to runtime-core to eliminate protocol drift introduced by local primitive reimplementation.
• Preserve existing runtime behavior and test expectations while re-centralizing canonical logic in the crypto source-of-truth.

Description

• Replace local canonical/hash/sign primitives with CANONICAL_METHOD, signCommandLayerReceipt(), and verifyCommandLayerReceipt() imported from @commandlayer/runtime-core.
• Remove the local computeCanonicalHash() implementation and its uses so canonical proof construction is no longer duplicated in the runtime.
• Preserve emitted receipt proof shape (including signature.alg = "Ed25519") and add a narrow verification adapter that normalizes signature.alg to ed25519 before calling verifyCommandLayerReceipt() to bridge a casing expectation gap.
• Do not reintroduce legacy APIs such as CANONICAL_ID_SORTED_KEYS_V1, signReceiptEd25519Sha256, or verifyReceiptEd25519Sha256.

Testing

• Ran npm install, npm run check, npm test, and npm run ci, and all completed successfully with unit and smoke tests passing.
• Unit test run reported 32 tests passed and 0 failures, and the smoke tests reported smoke ok.
• Verified that CANONICAL_METHOD is sourced from runtime-core, computeCanonicalHash was removed, and signing/verification now delegate to runtime-core with a minimal adapter for signature algorithm casing.

---

Codex Task