Cardano Updates

set_start_time rounded systemStart down to the previous 2-min boundary (up to 120s
in the past). Producers forge from genesis; the forecast horizon is 3k/f (75s at
k=5), so a backdate >75s leaves them past the horizon at boot -> NoLedgerView ->
chain dead at genesis. Clock-phase-gated, ~30% flaky. Genesis = now.

set_start_time rounded systemStart down to the previous 2-min boundary (up to 120s
in the past). Producers forge from genesis; the forecast horizon is 3k/f (75s at
k=5), so a backdate >75s leaves them past the horizon at boot -> NoLedgerView ->
chain dead at genesis. Clock-phase-gated, ~30% flaky. Genesis = now.

build_tip_nodes appends the AMARU_RELAYS followers to the probed node
set, and the convergence commands (finally_tips_agree,
eventually_converged, serial_driver_tip_agreement) now require the
agreeing-tip count to equal EXPECTED_TIPS (producers + followers)
rather than the hardcoded producer count POOLS. The amaru relays in
both amaru testnets listen on the n2n probe port (3001) so they answer
cardano-cli ping --tip over node-to-node.

Producer-only testnets (cardano_node_master) leave AMARU_RELAYS unset,
so EXPECTED_TIPS == POOLS and their behaviour is unchanged.

amaru-relay-1/2 peered directly with producers p1/p2. Point them at relay1/relay2
instead: these relays are in the fault-exclusion set, so the system-under-test
syncs from a stable upstream while only the amaru relays take faults. Add a
depends_on so each amaru waits for its relay to start.

epoch_length=256 kept the stability window inside an epoch but pushed the
2-epochs-behind-immutable bootstrap to ~slot 900 (~15 min), past the Antithesis
setup-time budget, so runs aborted incomplete before amaru ever started.

k=5, f=0.2 gives windows 75 (3k/f) and 100 (4k/f), both < epoch_length=120, so
rewards still stabilise in-epoch, and the bootstrap reaches its 2-epochs-behind
point by ~slot 360 (~6 min). Applied consistently across testnet.yaml,
amaru-runtime/global-parameters.json and amaru-runtime/era-history.json.

moog v0.5.x renamed the linux tarball from moog-*-linux64.tar.gz to
moog-<ver>-x86_64-linux-musl.tar.gz, so the download glob matched nothing
and 'install moog' failed. Match the versioned musl tarball (excludes
moog-agent). Unblocks every cardano-node.yaml launch.

Tasks: #161

stability_window=3k/f=150 and randomness_stabilization_window=4k/f=200 must
be smaller than the epoch; the previous epoch_length=120 made the rewards
stake snapshot never stabilize in-epoch, so the relay died with
RewardsSummaryNotReady at the first boundary. 256 clears both windows.

The lib-consuming adversary (consumes cardano-node-clients @76ae585) supports
protocol version 12; publish-images rebuilds the image from commit 06c56bd.

Tasks: #161 #165

Pin cardano-node-clients at 76ae585019cd239f3f43dbec55ea4af36b8cd0cd and align the adversary component with the cardano-node 11.0.1 / PV12 dependency line.

This drops the local PV11-only chain-sync adversary duplicate and imports the upstream PV12-capable adversary modules instead.

Tasks: #165

The trace fix unmasked a real finding: 'cluster fork depth < k' failed
(62 reorgs > k). In a 2-producer cluster a network partition is a 1-vs-1
split with no majority, so a fork grows unbounded by k. Fix it properly:
- add p3 -> a partition leaves a 2-vs-1 majority that anchors the
  canonical chain, so only the minority reorgs;
- raise securityParam k=10 -> 50 (epochLength 1000 -> 5000, preserving
  cardonnay's 10k/f nonce-stability ratio) so the minority's reorg over a
  multi-minute split stays < k.
Epochs become ~16.7 min, so governance runs need the 3h duration; bump
first_setup's epoch-wait to 1800s. Validated locally: cardonnay
generates a valid 3-pool genesis with securityParam 50 / epochLength 5000.