Producer-authoritative typed recursion + descriptor-CID vat routing (clean branch)

[lthibault]

Summary

This PR ships the producer-authority + descriptor-CID vat routing cutover on a clean branch from origin/master.

What we built

• Switched dynamic-cap authority to producer-owned typed metadata end-to-end (TypedCap flow for process.bootstrap, vat listen/serve, and vat dial).
• Moved vat routing identity to descriptor CID using canonical {wasiCid,schemaCid} (no version field).
• Removed WWSC pre-RPC schema preface framing; vat RPC now boots directly on the stream.
• Kept descriptor-CID routing strict and fail-closed.
• Made VatClient.dial source TypedCap.schema only from local descriptor.schemaCid lookup; unresolved/invalid schemaCid errors explicitly.
• Removed snap/JFS verification machinery from ww core so snap-specific behavior stays example-owned.

Glia recursive attenuation examples

init.glia style host-network recursion:

(load-file "/lib/init/default.glia")

{:host
 (attenuate host
   :allow [:id :network]
   :returns {:network
             {:stream-dialer (attenuate :self :allow [:dial])
              :stream-listener (attenuate :self :allow [:listen])
              :vat-client (attenuate :self
                            :allow [:dial]
                            :returns {:dial
                                      {:cap (attenuate :self :allow [:id])}})}})}

Process bootstrap recursion (returned cap is attenuated by producer-typed schema):

{:runtime
 (attenuate runtime
   :allow [:load]
   :returns {:load
             {:executor (attenuate :self
                          :allow [:spawn]
                          :returns {:spawn
                                    {:process (attenuate :self
                                                :allow [:bootstrap]
                                                :returns {:bootstrap
                                                          {:cap (attenuate :self :allow [:id])}})}})}}})}

Follow-up hardening included

• Fixed dynamic method-policy gating to use wire method ordinals (not schema codeOrder).
• Fixed attenuation allow-list matching to canonicalize perform-time method names consistently (kebab/snake/camel normalization).
• Removed dead base64 dependency from crates/rpc.
• Updated changelog entries to match shipped behavior.

Notes

• This PR supersedes init policy cutover: recursive attenuate + bare export map enforcement #523.