Add keypair rotation detection and migration feature

When a user rotates their Nostr keypair in account settings, the
merchant still holds the old key. This adds:

- key_mismatch flag on MerchantConfig (runtime, not persisted) -
  detected on each GET /api/v1/merchant by comparing account vs
  merchant pubkey
- POST /api/v1/merchant/{id}/migrate-keys endpoint that updates
  the merchant keys, republishes all stalls/products under the new
  identity, and resubscribes
- Warning banner in the UI with a "Migrate Keys" button and
  confirmation dialog
- update_merchant_keys() crud function

Orders and DM history are preserved since they reference customer
pubkeys. Old stall/product events on relays become orphaned.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

crud.py

@@ -55,6 +55,26 @@ async def update_merchant(
     return await get_merchant(user_id, merchant_id)
 
 
+async def update_merchant_keys(
+    user_id: str, merchant_id: str, private_key: str, public_key: str
+) -> Optional[Merchant]:
+    await db.execute(
+        f"""
+            UPDATE nostrmarket.merchants
+            SET private_key = :private_key, public_key = :public_key,
+                time = {db.timestamp_now}
+            WHERE id = :id AND user_id = :user_id
+        """,
+        {
+            "private_key": private_key,
+            "public_key": public_key,
+            "id": merchant_id,
+            "user_id": user_id,
+        },
+    )
+    return await get_merchant(user_id, merchant_id)
+
+
 async def touch_merchant(user_id: str, merchant_id: str) -> Optional[Merchant]:
     await db.execute(
         f"""