Provider lifecycle fixes

[danielbui12]

Changes

Resolve these issues:

• update_provider_settings allows shrinking max_capacity to barely-above-committed, but does not validate that existing agreements still satisfy other invariants; settings change is not gated by an event payload that includes the new values
• add_stake reserves currency before mutating provider stake; on checked_add overflow the reserved funds remain locked
• set_extensions_blocked allows a provider to block extensions on an agreement for any bucket_id they have — but does not validate the caller is still a registered provider with that agreement; relies on AgreementNotFound for indirect protection

[Breaking Changes] deregister_provider ignores pending checkpoint rewards, unclaimed pool balance, and outstanding challenges

Solution

Two-step exit modeled:

1. Step: Announce

• Extrinsic: deregister_provider (same call_index 2)
• Effect: Forces accepting_primary = false, accepting_extensions = false. Stamps deregister_at = System::block_number() + DeregisterAnnouncementPeriod. Stake stays reserved; provider remains slashable.

2. Step: Complete

• Extrinsic: complete_deregister (new, call_index 6)
• Effect: After period elapses: drains CheckpointRewards via iter_prefix(&who) into free balance, unreserves stake, removes provider.

3. Step: Cancel

• Extrinsic: cancel_deregister (new, call_index 7)
• Effect: Clears deregister_at. Provider re-enables flags via update_provider_settings.

Changes:
- DeregisterAnnouncementPeriod config constant (is set ChallengeTimeout = 48 HOURS). The period >= ChallengeTimeout guarantees every pre-announce challenge matures while the provider is still slashable.
- CheckpointRewards double map storage layout flipped to (AccountId, BucketId) so iter_prefix(&provider) enables the drain.
- update_provider_settings blocked when deregister_at.is_some() so the freeze can't be undone mid-window.
- New errors DeregisterAnnounced, DeregisterNotAnnounced, DeregisterPeriodNotElapsed, new events DeregisterAnnounced, DeregisterCancelled.

[bkontur]

@danielbui12 please fix the tests