Replace dummy-message biometric pre-auth with explicit ensureUnlocked()

[Copilot]

GaslessManager.ensureBiometricAuth() was calling signMessage("auth:purpose") to unlock the vault and cache the public key before transaction building. For VaultSigner in PerOperation mode this caused two biometric prompts per operation; for custom signers it produced an unnecessary signature.

Changes

• TransactionSigner interface — Added suspend fun ensureUnlocked() with a default no-op. Vault-backed signers override it for explicit pre-authentication without producing a signature.

• VaultSigner — Implements ensureUnlocked(): performs one biometric prompt, caches the public key, and (PerOperation mode) stores the keypair as a single-use pendingKeypair. signMessage() consumes pendingKeypair when present, skipping the second unlock:

  // PerOperation: ensureUnlocked() stores keypair; signMessage() consumes it once
  val keypair = pendingKeypair?.also { pendingKeypair = null }
      ?: VaultManager.unlockVault(/* prompts user */ ...)

  SessionBased mode continues to rely on VaultManager's TTL session cache.

• GaslessManager — ensureBiometricAuth() now delegates to signer.ensureUnlocked(). Removed the now-meaningless purpose: String parameter from the helper and all six call sites.

---

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.