Add segment verification tool for NIP-01 ids and signatures

[erskingardner]

Problem

Segments are expected to contain canonical, validated Nostr events, but there is no standalone tool for verifying an archive snapshot after the fact.

For academic access and public archive distribution, we need a way to prove that exported segment files contain events whose ids and signatures still validate under NIP-01.

Why this matters

Verification gives researchers confidence that they are working with authentic Nostr events, not just structurally valid notepack records. It also catches archive corruption, encoder bugs, and accidental invalid backfills.

Suggested implementation

Add a CLI tool such as segment-verify.

The tool should:

• Read .notepack and .notepack.gz segments.
• Decode each record into a Nostr event representation.
• Recompute and verify event id.
• Verify Schnorr signature.
• Report total records, verified records, invalid ids, invalid signatures, parse failures, and first failing offsets.
• Optionally support --fail-fast and --sample N modes.

Acceptance criteria

• Valid segment records pass NIP-01 id verification.
• Valid segment records pass signature verification.
• Tampered event content fails verification.
• Tampered signature fails verification.
• Output includes file path and record offset for failures.
• Tests cover valid, tampered-id, and tampered-signature cases.
• just precommit passes before merging.