fix: enforce deterministic protobuf map marshaling in consensus paths

[mateeullahmalik]

Summary

Fix consensus-critical nondeterminism caused by protobuf map field marshaling in audit/supernode paths.

Root cause

CascadeClientFailureEvidenceMetadata.details (map) and MetricsAggregate.metrics (map) were encoded via non-deterministic map iteration in generated marshal paths, which can produce different bytes across validators and lead to app-hash divergence.

What changed

• Use deterministic metadata marshaling in x/audit/v1/keeper/evidence.go for evidence metadata encoding.
• Update generated marshal code to sort map keys before encoding in:
  • x/audit/v1/types/evidence_metadata.pb.go (details)
  • x/supernode/v1/types/metrics_aggregate.pb.go (metrics)
• Add regression tests:
  • x/audit/v1/types/evidence_metadata_determinism_test.go
  • x/supernode/v1/types/metrics_aggregate_determinism_test.go
  • keeper-level deterministic evidence metadata test in x/audit/v1/keeper/evidence_test.go

Validation

• go test ./x/audit/v1/types ./x/audit/v1/keeper ./x/supernode/v1/types

Scope

• Minimal hotfix; no schema changes, no migrations, no state key changes.

[roomote-v0]

Rooviewer   See task

Commit 9980140 adds system-level determinism tests (A-E) covering chain progress, JSON permutation stability, height transitions, restart consistency, and reserved evidence type rejection. No new issues found. All previously flagged issues remain resolved.

• Hand-edited .pb.go files (evidence_metadata.pb.go, metrics_aggregate.pb.go) will lose the sort.Strings fix on protobuf regeneration. Add a CI guard or post-generation script to prevent silent regression.
• marshalEvidenceMetadataDeterministic now calls gogoproto.Marshal, which uses the generated Marshal() -> MarshalToSizedBuffer() path. The sort.Strings calls were removed from MarshalToSizedBuffer in this same commit, so map fields are encoded in random iteration order again. Either restore the sorted .pb.go edits or revert to the XXX_Marshal(b, true) deterministic path.
• MetricsAggregate determinism test (metrics_aggregate_determinism_test.go) was deleted with no replacement. The sort.Strings patch in metrics_aggregate.pb.go is now the sole protection for this consensus-critical map field, with no test to catch regression if protobuf is regenerated.

Previous reviews

• b93faeb: Review #1
• 86d3931: Review #2
• fc51431: Review #3
• fee60b9: Review #4
• de78484: Review #5

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}

[roomote-v0]

This commit removes the sort.Strings patches from both evidence_metadata.pb.go and metrics_aggregate.pb.go, then replaces the previous XXX_Marshal(b, true) deterministic path here with plain gogoproto.Marshal(msg). The comment says generated types are "patched to sort keys before encoding," but those patches were removed in this same commit. gogoproto.Marshal calls the generated Marshal() -> MarshalToSizedBuffer(), which now iterates Go maps in random order. This reintroduces the non-determinism bug the PR is meant to fix. Either restore the sort.Strings edits in the .pb.go files, or revert to the previous XXX_Marshal(b, true) approach which delegates to gogoproto's built-in deterministic marshaling.

_{Fix it with Roo Code or mention @roomote and request a fix.}

[roomote-v0]

This sort.Strings patch in generated code is now the sole protection for MetricsAggregate map determinism -- the unit test that previously verified it (metrics_aggregate_determinism_test.go) was deleted in this commit without a replacement. The cascade type got keeper-level and integration tests as replacements, but MetricsAggregate did not. If a future make proto-gen regenerates this file, the sort patch disappears and there is no test to catch the regression. Consider adding a determinism test for MetricsAggregate similar to the one added for cascade metadata.

_{Fix it with Roo Code or mention @roomote and request a fix.}