fix: verify derive signature for all derivation paths and update Swift bindings

[r1b2ns]

Description

• Fix critical security bug where TapSigner derive response signature was not verified when a derivation path was provided
• Fix incorrect card_nonce usage — was using the post-command nonce instead of the pre-command nonce for verification
• Regenerate Swift FFI bindings with latest uniffi-rs

Notes to the reviewers

Signature verification (security fix)

In TapSignerShared::derive(), the response signature was only verified when
pubkey == master_pubkey (i.e., no derivation path). When a path was provided,
the card returns a derived pubkey different from master, causing the if guard
to skip verification entirely.

Per the Coinkite Tap Protocol
and the reference Python implementation (verify_master_pubkey in cktap/utils.py),
the card always signs with the master private key, regardless of whether a
derivation path was used. The verification is now unconditional.

Nonce ordering fix

The card_nonce used in message construction was captured after set_card_nonce()
updated it with the response nonce (intended for the next command). The card signs
with the nonce that existed before the command. This matches the pattern already
used correctly in SatsCard::derive().

Tests report

• Additionally, I’ve run tests using cktap-swift in SatsBuddy, and it works as expected

Issues

#23 Fix verifying the sig when a derivation path is used

Checklists

All Submissions:

• I've signed all my commits
• I followed the contribution guidelines
• I ran cargo fmt and cargo clippy before committing

New Features:

• I've added tests for the new feature
• I've added docs for the new feature

Bugfixes:

• This pull request breaks the existing API
• I've added tests to reproduce the issue which are now passing
• I'm linking the issue being fixed by this PR

[notmandatory]

Does this fix #23? If so please reference that in the description. Also can you add a unit test to verify the behavior with and without derivation paths?

[notmandatory]

This looks like the right way to fix it but I think it still doesn't work with real TAPSIGNER cards. I just tried it with one of mine and it says the signature fails. Do you have a real card to test with?

$ just run derive -p 84,0,0

    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.18s
     Running `target/debug/cktap-cli derive -p 84,0,0`
Enter cvc: 
[cli/src/main.rs:233:21] &ts.derive(path.unwrap_or_default(), &cvc()).await = Err(
    Secp256k1(
        IncorrectSignature,
    ),
)

$ just run derive          

    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.19s
     Running `target/debug/cktap-cli derive`
Enter cvc: 
[cli/src/main.rs:233:21] &ts.derive(path.unwrap_or_default(), &cvc()).await = Ok(
    PublicKey {
        compressed: true,
        inner: PublicKey(
            f96ecf9fecd902bf724692ba340dc59200d45717552f94d62f8749f27b0922dd2f72c81368cc3f8c9e258a6a660a89d2f90825acc5ef91ff0938224d28dd6334,
        ),
    },
)

[r1b2ns]

This looks like the right way to fix it but I think it still doesn't work with real TAPSIGNER cards. I just tried it with one of mine and it says the signature fails. Do you have a real card to test with?

$ just run derive -p 84,0,0

    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.18s
     Running `target/debug/cktap-cli derive -p 84,0,0`
Enter cvc: 
[cli/src/main.rs:233:21] &ts.derive(path.unwrap_or_default(), &cvc()).await = Err(
    Secp256k1(
        IncorrectSignature,
    ),
)

$ just run derive          

    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.19s
     Running `target/debug/cktap-cli derive`
Enter cvc: 
[cli/src/main.rs:233:21] &ts.derive(path.unwrap_or_default(), &cvc()).await = Ok(
    PublicKey {
        compressed: true,
        inner: PublicKey(
            f96ecf9fecd902bf724692ba340dc59200d45717552f94d62f8749f27b0922dd2f72c81368cc3f8c9e258a6a660a89d2f90825acc5ef91ff0938224d28dd6334,
        ),
    },
)

Unfortunately, I haven’t, but I’m looking for a card to test it better. I’ll keep it as a draft until I can test it properly. I’ve only tested it with a Satscard by compiling the library to Swift and testing it on iOS.