fix(cdk-axum): require swap auth before serving cached responses #2109

Open
prusnak wants to merge 1 commit into cashubtc:main from prusnak:cache-post-swap

@prusnak prusnak commented Jun 15, 2026

Contributor

Move `/v1/swap` auth verification ahead of the NUT-19 cache lookup.

The generated cache wrapper for `post_swap` calculated the cache key and
returned cached `SwapResponse` values before calling the wrapped handler. Since
`post_swap` performed `verify_auth` internally, a caller who replayed an
identical cached swap body could receive the cached response without presenting
or consuming auth on protected swap routes.

Replace the generated swap cache wrapper with a swap-specific implementation
that verifies route auth first, then checks the cache. On cache misses, the
wrapper processes the swap and stores the response as before. The swap path is
split into small helpers so auth is not checked twice on misses and blind auth
tokens are consumed exactly once per request.

Add a regression test that preloads a cached swap response for a clear-auth
protected swap route and verifies an unauthenticated request is rejected before
the cached response can be returned.
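
The ordering problem described above, as an added Rust example that is not code from this pull request or from cdk-axum. `Mint`, `swap_cache_first`, `swap_auth_first` and the single-use string tokens are hypothetical stand-ins, and keying the cache by the raw request body is a simplifying assumption.

```rust
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq)]
pub enum SwapError { Unauthorized }

/// Hypothetical stand-in for a mint with a response cache and single-use auth tokens.
pub struct Mint {
    cache: HashMap<String, String>, // swap request body -> cached response
    unspent_auth: HashSet<String>,  // constructed tokens, each valid for one request
    pub swaps_processed: u32,
}

impl Mint {
    pub fn new(tokens: &[&str]) -> Self {
        let unspent_auth = tokens.iter().map(|t| t.to_string()).collect();
        Mint { cache: HashMap::new(), unspent_auth, swaps_processed: 0 }
    }
    /// Accepts a token only if it is still unspent, and spends it.
    fn verify_auth(&mut self, token: Option<&str>) -> Result<(), SwapError> {
        match token {
            Some(t) if self.unspent_auth.remove(t) => Ok(()),
            _ => Err(SwapError::Unauthorized),
        }
    }
    fn process_and_cache(&mut self, body: &str) -> String {
        self.swaps_processed += 1;
        let resp = format!("signatures-for:{}", body);
        self.cache.insert(body.to_string(), resp.clone());
        resp
    }
    /// "Before" ordering: a cache hit returns ahead of the auth check.
    pub fn swap_cache_first(&mut self, token: Option<&str>, body: &str) -> Result<String, SwapError> {
        if let Some(hit) = self.cache.get(body) { return Ok(hit.clone()); }
        self.verify_auth(token)?;
        Ok(self.process_and_cache(body))
    }
    /// "After" ordering: auth is verified and consumed once, then the cache is consulted.
    pub fn swap_auth_first(&mut self, token: Option<&str>, body: &str) -> Result<String, SwapError> {
        self.verify_auth(token)?;
        if let Some(hit) = self.cache.get(body) { return Ok(hit.clone()); }
        Ok(self.process_and_cache(body))
    }
}

fn main() {
    let mut mint = Mint::new(&["tok-a"]);
    mint.swap_auth_first(Some("tok-a"), "constructed-body").unwrap();
    println!("cache-first, no auth: {:?}", mint.swap_cache_first(None, "constructed-body"));
    println!("auth-first, no auth:  {:?}", mint.swap_auth_first(None, "constructed-body"));
}
```
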
@github-project-automation github-project-automation Bot moved this to Backlog in CDK Jun 15, 2026
codecov Bot commented Jun 15, 2026

Codecov Report

❌ Patch coverage is 95.16129% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.41%. Comparing base (2223ddb) to head (06c52db).

Files with missing lines Patch % Lines
crates/cdk-axum/src/router_handlers.rs 95.16% 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2109      +/-   ##
==========================================
+ Coverage   71.36%   71.41%   +0.04%     
==========================================
  Files         356      356              
  Lines       73660    73713      +53     
==========================================
+ Hits        52569    52643      +74     
+ Misses      21091    21070      -21     

@thesimplekid thesimplekid added this to the 0.18.0 milestone Jun 16, 2026