feat(types,evm)!: typed signet headers with invariant validation

[prestwich]

Summary

Introduces SignetHeaderV1 and SignetHeaderV2 validated newtypes over
Sealed<Header> to prevent downstream confusion between rootless and
rooted headers at the type level.

• SignetHeaderV1: wraps Sealed<Header>, eagerly caches block hash.
  Validates that transactions_root and receipts_root are EMPTY_ROOT_HASH
  (the empty trie hash — preserving original behavior). Always available.
• SignetHeaderV2: same wrapper, but validates roots are not
  EMPTY_ROOT_HASH. Behind #[cfg(feature = "experimental")] and
  #[deprecated] — unstable, not yet used in production.
• Both types validate 7 shared "must be default" fields (ommers_hash,
  state_root, withdrawals_root, blob_gas_used, excess_blob_gas,
  requests_hash, extra_data) on construction via TryFrom<Header>.
• SignetHeaderError reports all violations in both directions
  (must_be_default + must_not_be_default) in a single error.

Design Decisions

Why newtypes over Sealed<Header> (not Header)? The block hash is always
needed downstream. Eagerly sealing on construction avoids repeated hashing and
removes the need for separate SealedSignetHeaderV1 type aliases.

Why EMPTY_ROOT_HASH (not B256::ZERO) for V1? Alloy's Header::default()
sets roots to EMPTY_ROOT_HASH (keccak of the empty trie). The original
construct_header used ..Default::default() which produced EMPTY_ROOT_HASH
roots. V1 mandates this to preserve original behavior.

Why V2 only checks != EMPTY_ROOT_HASH? A zero root is not a valid computed
root in practice. The check is intentionally minimal — it distinguishes "someone
computed real roots" from "roots were left at the default empty trie value."

Why feature-gated + deprecated? V2 is the future direction but the root
computation path is not yet stabilized. The experimental feature gate prevents
accidental adoption. The #[deprecated] warning ensures anyone who opts in
knows the API is unstable.

Breaking Changes

• SealedHeader type alias (Sealed<Header>) removed from public API
• SealedBlock.header field type changed from SealedHeader to SignetHeaderV1
• SignetDriver::new() accepts SignetHeaderV1 instead of SealedHeader
• SignetDriver::parent() returns &SignetHeaderV1
• BlockResult::header() and BlockResult::journal_meta() are no longer const fn
• Test headers that set non-default values for validated fields (e.g. difficulty,
  mix_hash, nonce) have been stripped to pass V1 validation

Changes by Crate

signet-types

• New header.rs module with SignetHeaderV1, SignetHeaderV2, SignetHeaderError
• SealedBlock now stores SignetHeaderV1 instead of Sealed<Header>
• experimental feature added

signet-evm

• SignetDriver parent field and constructor use SignetHeaderV1
• construct_header split into construct_header_v1() (always) and
  construct_header_v2() (experimental)
• experimental feature forwards to signet-types/experimental
• Memoized transactions_root via OnceLock seal/unseal pattern (from earlier commits)

signet-test-utils

• All test header construction migrated to SignetHeaderV1::try_from()

Test Plan

• cargo t -p signet-types --all-features — 54 pass (V1 + V2 validation tests)
• cargo t -p signet-test-utils — all pass
• cargo clippy -p signet-types --all-features --all-targets — clean
• cargo clippy -p signet-types --no-default-features --all-targets — clean
• cargo clippy -p signet-evm --all-features --all-targets — clean
• cargo clippy -p signet-evm --no-default-features --all-targets — clean
• cargo clippy -p signet-test-utils --all-features --all-targets — clean

ENG-2120

🤖 Generated with Claude Code

[Fraser999]

One non-blocking suggestion.

[Fraser999]

Minor point: we could use a static DEFAULT_HEADER: LazyLock<Header> = LazyLock::new(Header::default); to avoid allocating each time here.