fix(wallet/melt): replace panicking + with checked_add in saga

[asmogo]

Amount::add uses .expect() which panics on overflow. A malicious mint returning a melt quote with amount + fee_reserve near u64::MAX would crash the wallet process. Replace all 6 arithmetic additions on mint-supplied amounts in the melt saga with checked_add, propagating Error::AmountOverflow instead of panicking.

Affected sites:

• wallet/melt/saga/mod.rs: lines 299, 389, 487, 678, 706
• wallet/melt/mod.rs: change_amount_without_swap (line 476)

Description

---

Notes to the reviewers

---

Suggested CHANGELOG Updates

CHANGED

ADDED

REMOVED

FIXED

---

Checklist

• I followed the code style guidelines
• I ran just quick-check before committing
• If the Wallet API was modified (added/removed/changed), I have reflected those changes in the FFI bindings (crates/cdk-ffi)

[codecov]

Codecov Report

❌ Patch coverage is 68.18182% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.59%. Comparing base (d481edc) to head (7932536).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
crates/cdk/src/wallet/melt/mod.rs	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2137      +/-   ##
==========================================
+ Coverage   71.55%   71.59%   +0.04%     
==========================================
  Files         356      356              
  Lines       73999    74126     +127     
==========================================
+ Hits        52950    53073     +123     
- Misses      21049    21053       +4     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.