Perf/tree shaking audit bundle size budgets

[israelolrunfemi]

Closes: #17

The SDK's subpath exports had never been verified for tree-shaking
correctness. Any consumer importing a single chain entry could have
been paying the bundle cost of all chains due to accidental
cross-imports, import * patterns, or noble-curves namespace imports.

Changes:

Measurement harness

• Add scripts/measure-bundles.ts — builds each entry with esbuild
  (minified, browser, ESM) and writes BUNDLE_SIZE.md with a
  per-entry gzip table

Visualizer

• Add scripts/visualize-bundles.ts — builds each chain entry through
  rollup with rollup-plugin-visualizer and commits four HTML flamegraph
  files under dist/stats/ for reviewer inspection

Size budgets

• Add "size-limit" array to package.json with per-entry gzip budgets:
  index 10 KB
  chains/stellar 40 KB
  chains/evm 35 KB
  chains/solana 45 KB (includes intentional stellar scalar re-use)
  chains/ckb 40 KB (includes intentional evm key re-use)

CI gate

• Add "bundle-size" job to the existing CI workflow; fails PR if any
  entry exceeds budget; uploads dist/stats/ as a downloadable artifact;
  posts the size table as a PR comment

Cross-import audit

• Replace any "import * as" namespace imports from @noble/curves with
  named imports (eliminates the most common tree-shaking bypass)
• Document intentional cross-imports (solana→stellar, ckb→evm) in
  BUNDLE_SIZE.md; document any unexpected ones found and fixed

Committed artifacts

• BUNDLE_SIZE.md with before/after table (before column TBD from CI)
• dist/stats/*.html visualizer output (four files)

New devDependencies: size-limit, @size-limit/preset-small-lib,
rollup-plugin-visualizer, rollup, tsx

[drips-wave]

@israelolrunfemi Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[truthixify]

Same rebase blocker. PR is also carrying the leak-detection harness files (test/leak/*) which look like they came from your #30 branch, those should be in #30 only.

Rebase, scope this PR down to just the tree-shaking and bundle-size budget changes:

git fetch origin
git rebase origin/develop
# during the rebase, drop changes to src/chains/stellar/* and test/leak/* (those belong elsewhere)
# keep only your size-limit config, dependency-graph audit notes, and per-entry budget enforcement
git push --force-with-lease

Thanks @israelolrunfemi.