test: add coverage for getContextKeyHash mechanism

[Aboudjem]

Summary

• Adds a dedicated ContextKeyHashTest contract with 20 tests (including 2 fuzz tests) covering the getContextKeyHash transient storage stack mechanism
• Tests verify key hash computation correctness against manual keccak256 for both Secp256k1 and P256 key types
• Covers all three execution paths: orchestrator workflow, signature-based workflow, and self-execution (EOA)
• Validates stack cleanup after execution, batch consistency, sequential independence across different keys, and the MockAccount.setContextKeyHash helper

What's Tested

Category	Tests
Key hash computation	Manual keccak vs contract hash for Secp256k1 and P256, different keys produce different hashes, expiry independence
Outside execution	Returns bytes32(0) when no execution context
Orchestrator workflow	Secp256k1 key, P256 key
Signature workflow	Secp256k1 key, P256 key
Self-execution	EOA key yields bytes32(0)
Stack cleanup	Zero after orchestrator execution, zero after signature execution
Batch consistency	All calls in a batch see the same key hash
Multiple keys	Different keys produce different context hashes
Sequential executions	Independent contexts with mixed key types (Secp256k1 then P256)
EOA signature	Bare EOA sig produces zero key hash
Mock helper	setContextKeyHash pushes correctly
Fuzz: determinism	Hash is deterministic for same inputs (256 runs)
Fuzz: orchestrator	Random authorized keys always expose correct hash (256 runs)

Test plan

• All 20 tests pass: forge test --match-contract ContextKeyHashTest
• Full test suite unaffected (226/226 pass; 3 pre-existing failures unrelated)
• Code formatted with forge fmt

Closes #381

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com