feat: add private paykit payments

[ben-kaufman]

Description

Implements private Paykit contact payments with iOS parity:

• Adds private Paykit link state, endpoint publishing, stale-link recovery, tombstones, and cleanup retry handling.
• Adds private on-chain address reservation and restore safety so normal receive flows avoid private indexes.
• Resolves saved-contact payments private-first with public Paykit fallback, and discards one-time private invoices/addresses after send attempts.
• Wires private Lightning and on-chain activity attribution through repository-backed contact resolution.
• Adds backup/restore payloads, contact cleanup handling, address viewer resilience, and focused unit coverage.

Preview

N/A

QA Notes

Passed local checks:

• ./gradlew compileDevDebugKotlin
• ./gradlew testDevDebugUnitTest
• ./gradlew detekt
• git diff --check

Passed Android emulator E2E coverage:

• Fresh profile and saved-contact setup
• Private endpoint resolution both directions
• Private on-chain Alice to Bob payment
• Bob inbound Received from attribution
• Private on-chain address rotation after receive
• Contact deletion cleanup
• Restore from seed and normal receive address skip safety

Private Lightning emulator E2E reached endpoint resolution and route construction, but the local regtest run did not produce a successful payment due to LDK RETRIES_EXHAUSTED and receiver peer connectivity timing. The send failure path is handled and covered by unit test, but a clean private Lightning back-and-forth pass should still be repeated in QA when the regtest/LSP route is healthy.

[ovitrif]

utAck

Left the review for later, unchecked the files yet to have a way to track my progress

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1a32966803

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Preserve address listing when LDK node is not running

Switching getAddresses to lightningRepo.addressInfosForType(...).getOrThrow() makes address retrieval depend on executeWhenNodeRunning, so the address viewer now blocks/fails whenever the node is stopped or cannot reach Running (for example during startup/recovery). The previous derivation path used mnemonic-based derivation and worked without node runtime state, so this change introduces a user-visible regression where existing wallets can no longer inspect addresses in those states.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Propagate private restore failures during wallet restore

restoreWalletBackup logs and ignores failures from restoring private Paykit reservation/link state, then still returns success (createdAt). In failure scenarios (e.g., datastore write/read issues), full restore is marked successful while private reservation ceilings are not restored, which can allow reusing previously reserved private receive indexes after recovery and silently losing private-contact state.

Useful? React with 👍 / 👎.