Honor explicit no-prompt getPublicKey semantics

[ty-everett]

Summary

• Propagates GetPublicKeyArgs.seekPermission into public-key and identity-key permission checks.
• Adds regressions proving seekPermission=false fails without opening permission prompts.

Current framing

This should stay open, but not because normal app developers should see WALLET_PERMISSION_REQUIRED during ordinary wallet use. They should not.

The normal app contract is:

• permission already exists -> operation succeeds;
• permission is missing -> the wallet opens a permission prompt and the original request waits;
• user grants -> the original request succeeds;
• user denies -> the original request fails at denial.

This PR is still useful because explicit seekPermission=false is a real API contract for diagnostic/headless/no-prompt callers. If a caller explicitly opts out of prompting, the toolbox must not accidentally enqueue a user permission request. Keeping this fix upstream lets downstream wallets remove local compatibility patches for getPublicKey.

Validation

• corepack pnpm --filter @bsv/wallet-toolbox exec jest --runTestsByPath src/__tests/WalletPermissionsManager.checks.test.ts --runInBand
• corepack pnpm --filter @bsv/auth-express-middleware run build
• corepack pnpm --filter @bsv/payment-express-middleware run build
• corepack pnpm --filter @bsv/wallet-toolbox run build

Follow-up

After merge and package release, p2ppsr/metanet-client-desktop should be able to drop its local patchGetPublicKeySeekPermission compatibility patch and consume the released toolbox behavior directly.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud