fix: select access key before computing MPP channel authorizedSigner

[TheRealRajdeep]

Summary

• Fix: The MPP getClient callback in Provider.ts was always using the root account address when constructing
  the client for mppx. This caused the channel authorizedSigner to be computed from the root address, meaning voucher
  signing fell back to the root wallet even when a scoped access key existed.
• Change: The callback now calls AccessKey.select() before falling back to the root address. When a matching
  access key is found, its address is attached as accessKeyAddress on the client account object — which mppx already
  reads via getAuthorizedSigner in Session.ts.
• Test: Adds a localnet integration test that authorizes an access key and verifies MPP payments succeed through
  it.

Closes #518

Test plan

• pnpm tsc -b --noEmit passes (zero type errors)
• All 24 lib/pure test suites pass (432 tests)
• New test mpp client uses access key address as authorizedSigner added to src/core/mppx.localnet.test.ts
• Localnet tests require Docker (pnpm dev) — will run in CI

[vercel]

@TheRealRajdeep is attempting to deploy a commit to the Tempo Team on Vercel.

A member of the Team first needs to authorize it.

[deodad]

hey, appreciate the PR. This is directionally right but will still hit edge cases:

• an access key may or may not have the right scopes
• until T5, only secp256k1 keys are able to sign vouchers

we're considering introducing mpp_authorize to solve these

[TheRealRajdeep]

Ah okay. Is it possible that we work together on it?