fix: reject fake p2p epoch distributions with valid self-hash

[createkr]

Fix P2P epoch proposal merkle self-validation flaw

Problem

_handle_epoch_propose() in rustchain_p2p_gossip.py only verified that the merkle root in an epoch proposal was internally consistent with the provided distribution data. It never checked whether distribution recipients were actually attested miners. A malicious epoch leader could send a self-paying distribution with a correctly computed merkle root, and all peers would vote "accept".

Fix

After the merkle internal-consistency check, the handler now queries miner_attest_recent and rejects any proposal whose distribution includes recipients not present in the locally attested miner set. DB errors are handled fail-safe (reject).

Changes

• node/rustchain_p2p_gossip.py: Added attested-miner cross-reference validation in _handle_epoch_propose() and extracted _reject_epoch_vote() helper.
• node/tests/test_epoch_proposal_merkle_validation.py: 8 new tests covering self-paying distributions, partial unattested recipients, valid distributions, merkle mismatch, empty distributions, invalid leaders, miner removal between epochs, and DB error fail-safe.

Tests

8/8 new tests pass. No existing tests affected.

[createkr]

For bounty payout, please use RTC wallet: RTC1d48d848a5aa5ecf2c5f01aa5fb64837daaf2f35.

[Scottcjn]

Reviewed. Closes the epoch proposal self-validation flaw — merkle check only proved internal consistency, not that recipients were legitimately attested. Now cross-references distribution recipients against miner_attest_recent. Extracted _reject_epoch_vote helper for DRY. 263-line test with 8 cases including DB error fail-safe.

Payment: 65 RTC — P2P fake epoch distribution rejection (High severity)

Merging. Thank you createkr.