feat: reapply MessageOrigin API and remove ApplicationMessage.app

[sanity]

Context

Re-applies #3538 (Nacho's delegate API cleanup), which was temporarily reverted in 3d481af to unblock a regression fix release for v0.1.183 connection instability.

Prerequisites before merging

• River PR feat: adopt MessageOrigin API and remove ApplicationMessage.app river#164 ready and CI passing (workspace stdlib bumped to 0.3.2)
• Coordinated release: merge this, release freenet-core, then merge & republish River

Original PR

All changes are identical to #3538:

• DelegateInterface::process: attested: Option<&'static [u8]> → origin: Option<MessageOrigin>
• ApplicationMessage: removed app: ContractInstanceId field
• ApplicationMessage::new(app, payload) → ApplicationMessage::new(payload)
• Uses freenet-stdlib 0.3.2 / freenet-macros 0.2.0

This is a breaking change for existing delegate WASM — old delegates cannot be loaded after this lands.

[AI-assisted - Claude]

[github-actions]

After reading all rule files and the complete diff, here is the review:

---

✅ Rule Review: No issues found

Rules checked: git-workflow.md, code-style.md, testing.md, contracts.md
Files reviewed: 21

No rule violations detected — merge is not blocked by this check.

---

Summary of changes reviewed:

This PR is a rename/refactor across the codebase:

• attested_contract / AttestedContract / AttestedContractMap → origin_contract / OriginContract / OriginContractMap
• ApplicationMessage.app field removed; ApplicationMessage::new() no longer takes an app_id argument
• Wire protocol updated to use MessageOrigin enum (bincode-serialized) instead of raw &[u8]
• DELEGATE_INHERITED_ATTESTATIONS → DELEGATE_INHERITED_ORIGINS
• freenet-stdlib bumped 0.2.2 → 0.3.1, freenet-macros 0.1.3 → 0.1.4

Checks performed:

• CRITICAL — no violations: No new Instant::now() / tokio::time::sleep() in crates/core/ (one pre-existing Instant::now() in spawn_token_cleanup_task is context, not added by this PR). No rand::random() / rand::thread_rng(). No tokio::net::UdpSocket. No deleted or commented-out tests; _app_id / _app prefixes in test code are correct Rust convention for intentionally unused variables with the new API.
• WARNING — no violations: No new .unwrap() in production code. No fire-and-forget spawns added. No retry loops. No GC exemptions without TTL.
• INFO — no violations: The non-exhaustive match origin { Some(MessageOrigin::WebApp(…)) => …, None => … } in runtime.rs is compile-time exhaustive (Rust enforces this), so it doesn't silently miss future variants. Doc comments on renamed public types are updated throughout.

---

Automated review against .claude/rules/. Critical and Warning findings block merge — check boxes or post /ack to acknowledge.