feat(blockchain): production genesis with encrypted keystore, remove admin minting

- Introduce production setup script: scripts/setup_production.py
  - Generates aitbc1genesis (treasury) and aitbc1treasury (spending) wallets
  - Encrypts keys via AES-GCM, stores password in keystore/.password (600)
  - Creates allocations.json and genesis.json with fixed total supply
  - Sets mint_per_unit=0 (no inflation)

- Update make_genesis.py:
  - Accept allocations file instead of single faucet
  - Use 'allocations' key in genesis (renamed from 'accounts')
  - Enforce mint_per_unit=0 in default params

- Remove admin mint endpoint:
  - Deleting MintFaucetRequest and /rpc/admin/mintFaucet from router.py
  - Removes faucet CLI command from cli/aitbc_cli/commands/blockchain.py

- RPC supply endpoint now computes total supply from genesis file (fixed)
- Validators endpoint derives list from trusted_proposers config

- Config enhancements (config.py):
  - Add keystore_path and keystore_password_file
  - Change mint_per_unit default to 0
  - main.py: Auto-load proposer private key from keystore into settings.proposer_key (hex) for future use

- Launcher scripts:
  - scripts/mainnet_up.sh: Loads .env.production, derives proposer_id from keystore if needed, starts node + RPC
  - scripts/devnet_up.sh: Updated to use new allocations-based genesis and proper proposer address

- Documentation:
  - Rewrite blockchain-node/README.md for production model (no faucet, keystore management, multi-chain)
  - Update MEMORY.md with production blockchain section

- Database: Multi-chain support already present via chain_id foreign keys.

This change makes the blockchain production‑ready: immutable supply, secure key storage, and removal of dev‑only admin functions.

Co-authored-by: Andreas Michael Fleckl <andreas@example.com>

apps/blockchain-node/scripts/devnet_up.sh

@@ -2,13 +2,36 @@
 set -euo pipefail
 
 ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$ROOT_DIR"
 export PYTHONPATH="${ROOT_DIR}/src:${ROOT_DIR}/scripts:${PYTHONPATH:-}"
 
-GENESIS_PATH="${ROOT_DIR}/data/devnet/genesis.json"
-python "${ROOT_DIR}/scripts/make_genesis.py" --output "${GENESIS_PATH}" --force
+GENESIS_PATH="data/devnet/genesis.json"
+ALLOCATIONS_PATH="data/devnet/allocations.json"
+PROPOSER_ADDRESS="ait15v2cdlz5a3uy3wfurgh6m957kahnhhprdq7fy9m6eay05mvrv4jsyx4sks"
+python "scripts/make_genesis.py" \
+  --output "$GENESIS_PATH" \
+  --force \
+  --allocations "$ALLOCATIONS_PATH" \
+  --authorities "$PROPOSER_ADDRESS" \
+  --chain-id "ait-devnet"
 
 echo "[devnet] Generated genesis at ${GENESIS_PATH}"
 
+# Set environment for devnet
+export chain_id="ait-devnet"
+export supported_chains="ait-devnet"
+export proposer_id="${PROPOSER_ADDRESS}"
+export mint_per_unit=0
+export coordinator_ratio=0.05
+export db_path="./data/${chain_id}/chain.db"
+export trusted_proposers="${PROPOSER_ADDRESS}"
+export gossip_backend="memory"
+
+# Optional: if you have a proposer private key for block signing (future), set PROPOSER_KEY
+# export PROPOSER_KEY="..."
+
+echo "[devnet] Environment configured: chain_id=${chain_id}, proposer_id=${proposer_id}"
+
 declare -a CHILD_PIDS=()
 cleanup() {
   for pid in "${CHILD_PIDS[@]}"; do
@@ -27,10 +50,11 @@ sleep 1
 
 python -m uvicorn aitbc_chain.app:app --host 127.0.0.1 --port 8026 --log-level info &
 CHILD_PIDS+=($!)
-echo "[devnet] RPC API serving at http://127.0.0.1:8026" 
+echo "[devnet] RPC API serving at http://127.0.0.1:8026"
 
-python -m uvicorn mock_coordinator:app --host 127.0.0.1 --port 8090 --log-level info &
-CHILD_PIDS+=($!)
-echo "[devnet] Mock coordinator serving at http://127.0.0.1:8090" 
+# Optional: mock coordinator for devnet only
+# python -m uvicorn mock_coordinator:app --host 127.0.0.1 --port 8090 --log-level info &
+# CHILD_PIDS+=($!)
+# echo "[devnet] Mock coordinator serving at http://127.0.0.1:8090"
 
 wait