chore: bump world-id-protocol to v0.11.0

[kilianglas]

Bumps world-id-core and world-id-proof from 0.10.2 to 0.11.0, adapting to the breaking Config API from worldcoin/world-id-protocol#729.

What changes

• Cargo.toml: bump world-id-core and world-id-proof to 0.11.0.
• walletkit-core/src/defaults.rs: drop the AuthenticatorConfig impl (the type was removed upstream) and rewrite impl DefaultConfig for Config to build a Config directly with ServiceEndpoint::Ohttp { url, relay_url, key_config_base64 } for both indexer (per-region) and gateway (US-pinned).
• walletkit-core/src/authenticator/mod.rs: pass Config directly into CoreAuthenticator::{init, register}; replace AuthenticatorConfig::{from_environment, from_json} with Config::{from_environment, from_json} in the four affected constructors.
• Tests + walletkit-cli: thread the new ServiceEndpoint and ProofType through fixtures that construct Config / ProofRequest directly.

Notable side effect: OHTTP regression fix

Walletkit 0.17.0 regressed Authenticator::init_with_defaults so that OHTTP was silently dropped from the default config (From<Config> for AuthenticatorConfig set ohttp_indexer/ohttp_gateway to None). The upstream refactor removes AuthenticatorConfig and the lossy From<Config> seam outright, so init_with_defaults once again ships OHTTP for the default config.

Wire-level break for JSON-init callers

Authenticator::init(seed, config: &str, ...) and register(seed, config: &str, ...) consume JSON. The upstream Config::from_json shape differs from the old AuthenticatorConfig::from_json:

• Old: top-level indexer_url / gateway_url flat strings + optional ohttp_indexer / ohttp_gateway objects.
• New: top-level indexer / gateway as internally-tagged enum objects: {"type":"direct","url":...} or {"type":"ohttp","url":...,"relay_url":...,"key_config_base64":...}.

Consumer impact:

• iOS uses init_with_defaults / register_with_defaults exclusively — no impact.
• Android staging passes an explicit JSON config without OHTTP fields. Will need a producer-side update on the next Android walletkit bump; tracked outside this PR.

ProofType (no walletkit work needed)

world-id-protocol v0.11.0 also adds a proof_type: ProofType field on ProofRequest (PRs #711 / #712). The field has #[serde(default)] with ProofType::Uniqueness as the default, so existing RP JSON payloads deserialise unchanged. Walletkit's Authenticator::generate_proof already delegates to the core authenticator, which now branches on proof_type internally — for uniqueness requests behaviour is identical. Tests that construct ProofRequest directly (not via JSON) are updated to set the field explicitly.

Supress deprecation warnings for recovery agent update flow authenticator methods

• Add #[allow(deprecated)] to recovery agent update methods

Out of scope

• Default-flip from OHTTP to direct + explicit-opt-in OHTTP constructor — follow-up PR.