fix(jobs): defer terminate to operator when payer is multisig

[SgtPooki]

What changed

In session-key + multisig payer mode, repairTerminatedDataSet now throws a typed DataSetTerminateRequiresOperatorError instead of calling synapse.storage.terminateDataSet. The data_set_creation handler catches the typed error and emits dataset_terminate_operator_action_required so the operator can submit terminateService via Safe (as we did in #545).

The existing already-terminated branch in repairTerminatedDataSet is unchanged. Once an operator's Safe batch lands and FWSS reports pdpEndEpoch != 0, the next tick marks the affected Deal rows cleaned_up=true automatically.

EOA-mode behavior is unchanged.

Why

FWSS.terminateService gates on msg.sender ∈ {payer, payee}. Our session-key EOA is neither, so any direct call would revert with CallerNotPayerOrPayee on-chain. Pre-flight simulation also fails today because Lotus rejects eth_call with from set to a contract address (lotus#13470 still open), and apps/backend/src/common/synapse-factory.ts:safeReadTransport strips from to work around that.

Full context: #546

How to verify

pnpm test from the repo root (362 tests pass).

Manual: in staging, after this lands, a dataset_terminated_detected event for a known-terminated dataset is now followed by dataset_terminate_operator_action_required (with payerAddress in the log) instead of failing on CallerNotPayerOrPayee. After the operator runs a Safe batch like #545, the next data_set_creation tick logs dataset_already_terminated + dataset_terminated_repaired and marks the corresponding Deal rows cleaned_up=true.

Notes / risks

• Draft. No new tests yet for the new branch.
• Once synapse-sdk + FWSS land the EIP-712 session-key-signed termination path (fix(typehash)!: rename DeleteDataSet auth to TerminateService synapse-sdk#796 + the contract-side PR), this guard can be removed.

Refs:

• Dealbot can't auto-terminate datasets when payer is a Safe multisig #546 root cause + tracker
• Terminate 197 stuck provider-24 datasets on calibnet via Safe multisig #545 manual cleanup for provider 24
• fix: handle PDP-terminated datasets via data_set_creation repair #518 data_set_creation repair handler
• fix: work around Lotus eth_call rejection for multisig accounts #419 safeReadTransport workaround
• fix(eth): allow eth_call and eth_estimateGas from contract and non-existent addresses filecoin-project/lotus#13470

[BigLep]

@SgtPooki : I want to make sure any work here is accounting for changes / simplifications that are coming with terminations as outlined in https://www.notion.so/filecoindev/Data-Set-Terminations-Clean-up-360dc41950c1801ebf0aff017a322e7f

[SgtPooki]

@SgtPooki : I want to make sure any work here is accounting for changes / simplifications that are coming with terminations as outlined in https://www.notion.so/filecoindev/Data-Set-Terminations-Clean-up-360dc41950c1801ebf0aff017a322e7f

This was exploratory and im not a big fan.. i think we should just close this and wait for the changes you mentioned

[BigLep]

Closing given #547 (comment)