feat: support AGENTA_SIGNER env var in MCP server #4

Open
PancheI wants to merge 1 commit into main from feat/mcp-signer-name-config

@PancheI commented Mar 5, 2026

Summary

  • Add AGENTA_SIGNER env var support to MCP server's SignerManager
  • When set, loads credentials from ~/.agenta/signers/{name}.json (same as CLI)
  • Falls back to AGENTA_API_KEY + AGENTA_API_SECRET for CI/Docker/remote
  • Clear error message when neither path is configured

Why

The MCP server currently requires the signer share as a plaintext env var in the MCP client config. This puts MPC key material in a JSON file that's readable on disk and can end up in AI conversation logs — undermining the security model of threshold signing.

With AGENTA_SIGNER, the config file contains only a name reference. The share is loaded from ~/.agenta/ at runtime (encrypted, or in macOS keychain with Touch ID).

MCP config (before → after)

Before (only option):

{
  "env": {
    "AGENTA_API_KEY": "gw_live_...",
    "AGENTA_API_SECRET": "base64-encoded-share..."
  }
}

After (recommended for local dev):

{
  "env": {
    "AGENTA_SIGNER": "my-agent"
  }
}

Impact

  • Only touches packages/wallet/src/lib/signer-manager.ts
  • No changes to CLI, SDK, MCP tools, or signing protocol
  • Existing AGENTA_API_KEY + AGENTA_API_SECRET path still works unchanged
  • AGENTA_SIGNER takes precedence when set

Closes #3

Test plan

  • TypeScript compiles cleanly
  • All existing tests pass (build + test via pre-push hook)
  • Manual: set AGENTA_SIGNER=<name> in Claude Desktop config, verify tools work
  • Manual: verify AGENTA_API_KEY + AGENTA_API_SECRET still works
  • Manual: verify error message when neither is set

Add a second credential path for the MCP server. When AGENTA_SIGNER
is set, load config from ~/.agenta/signers/{name}.json instead of
requiring AGENTA_API_KEY and AGENTA_API_SECRET as direct env vars.

This keeps the signer share out of the MCP client config file,
improving security for local development with Claude Desktop, Cursor,
and other MCP clients.

AGENTA_SIGNER takes precedence. Falls back to direct env vars for
CI/CD, Docker, and remote agent deployments.

Closes #3
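
An added example (not code from this pull request or the project): the resolution order described above, with AGENTA_SIGNER taking precedence, the AGENTA_API_KEY + AGENTA_API_SECRET fallback, and an explicit error when neither is set. The names `resolveCredentialSource`, `CredentialSource` and `describeSource`, the signer-name allow-list, and treating an empty AGENTA_SIGNER as unset are assumptions; the name check is included because the value is interpolated into a path under ~/.agenta/signers/.

```typescript
// Added example; all type and function names here are hypothetical.
type EnvMap = Record<string, string | undefined>;

type CredentialSource =
  | { kind: "signer-file"; signer: string; path: string }
  | { kind: "env"; apiKey: string; apiSecret: string };

// Assumed allow-list: the name becomes part of a file path, so path
// separators, "..", and leading dots must never get through.
const SIGNER_NAME = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;

// Pure function: pass process.env and os.homedir() in real use.
function resolveCredentialSource(env: EnvMap, homeDir: string): CredentialSource {
  // Assumption: an empty or whitespace-only AGENTA_SIGNER counts as unset.
  const signer = (env["AGENTA_SIGNER"] ?? "").trim();
  if (signer !== "") {
    // AGENTA_SIGNER takes precedence. A bad name is a hard error, not a
    // silent fallback to the plaintext env-var path.
    if (!SIGNER_NAME.test(signer)) {
      throw new Error(`AGENTA_SIGNER: invalid signer name ${JSON.stringify(signer)}`);
    }
    // POSIX-style join, matching the ~/.agenta/signers/{name}.json layout.
    return { kind: "signer-file", signer, path: `${homeDir}/.agenta/signers/${signer}.json` };
  }

  const apiKey = env["AGENTA_API_KEY"];
  const apiSecret = env["AGENTA_API_SECRET"];
  if (apiKey && apiSecret) {
    return { kind: "env", apiKey, apiSecret };
  }

  throw new Error(
    "No signer configured: set AGENTA_SIGNER, or both AGENTA_API_KEY and AGENTA_API_SECRET"
  );
}

// Log-safe description of the chosen source: the share is never included.
function describeSource(src: CredentialSource): string {
  return src.kind === "signer-file"
    ? `signer file ${src.path}`
    : "env vars AGENTA_API_KEY + AGENTA_API_SECRET (values redacted)";
}
```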