Add Stellar wallet signature verification middleware for mutating routes

[Chucks1093]

Summary

Any route that creates or updates creator data currently has no way to confirm the request actually comes from the wallet owner. Without signature verification, anyone who knows a wallet address can impersonate that creator. The server needs middleware that validates a Stellar keypair signature on mutating requests before the handler runs.

Scope

• Accept a signed payload in a request header (e.g. X-Wallet-Signature) containing the request body hash signed with the sender's Stellar private key
• Verify the signature against the wallet_address field in the request using Stellar's Ed25519 verification
• Return a 401 with a descriptive error if verification fails
• Apply middleware to: creator registration, creator profile update, and any future admin-only mutation routes
• Document the signing format so client contributors can implement it

Acceptance Criteria

• Middleware verifies Ed25519 signatures against the Stellar wallet address
• Returns 401 Unauthorized with a clear error body on invalid or missing signature
• Creator registration and profile update routes are protected
• Integration test covers: valid signature passes, tampered body fails, wrong key fails
• Signing format is documented in the contributor guide

---

Coordinate on Telegram

[shadrach68]

I would like to work on this issue because I am a full-stack developer with 5+ years experience. I focus on identifying root causes and delivering clean, efficient, and maintainable solutions, with thorough testing to ensure reliable results.

[barry01-hash]

I would love to work on this project