rs-platform-wallet: migrate AddressPool from platform_payment_managed_account to PlatformPaymentAddressProvider

[Claudius-Maginificent]

Summary

Per @QuantumExplorer's review on PR #3648:

"We haven't been using the platform_payment_managed_account, and have plans to get rid of it entirely. Instead we use the thing in platform wallet."

key_wallet_manager::platform_payment_managed_account is on the removal path. The replacement is platform_wallet::PlatformPaymentAddressProvider. Today the public API in PlatformAddressWallet (next_unused_receive_address, etc.) is already on the modern layer, but the implementation still reaches into managed_account.addresses for the actual AddressPool (containing used_indices, highest_used, gap_limit, mark_index_used, etc.). The provider is currently a read-only sync-state mirror — it has a BiBTreeMap<AddressIndex, PlatformP2PKHAddress> but no pool semantics.

User Story

As a platform-wallet maintainer I want the AddressPool to live on the modern provider so that the deprecated platform_payment_managed_account type can be deleted without breaking the wallet's address-derivation, gap-limit, and Found-026 hand-out-reservation behaviour.

Scope

1. Move AddressPool (or an equivalent stateful structure) onto PlatformPaymentAddressProvider::PerAccountPlatformAddressState, replacing the read-only BiBTreeMap<AddressIndex, PlatformP2PKHAddress> with a pool that owns used_indices, highest_used, highest_generated, gap_limit.
2. Expose next_unused_with_info() and mark_index_used() as crate-public methods on the provider.
3. Refactor PlatformAddressWallet::next_unused_receive_address (packages/rs-platform-wallet/src/wallet/platform_addresses/wallet.rs:232) to call the provider's methods instead of managed_account.addresses — closes the last deprecated-pool touch in the production hand-out path.
4. Update sync paths (sync.rs, transfer.rs, withdrawal.rs) to read pool state from the provider, not from the managed account.
5. Once production no longer touches the deprecated pool, delete platform_payment_managed_account (or whatever subset @QuantumExplorer's removal plan covers).

E2E test impact

The current e2e campaign (#3549) has 8 call sites across 6 files that touch the deprecated pool. Most likely covered by this issue:

File	Line	What it needs	After this issue
tests/e2e/framework/cleanup.rs	251	highest_generated / highest_used for sweep-pool signer ceiling	Reads via new accessor on PlatformAddressWallet (planned in #3549 stop-gap)
tests/e2e/framework/bank.rs	327	same	same
tests/e2e/framework/gap_limit.rs	127	Batch derivation past pool watermark	Needs new batch-derive API on provider
tests/e2e/cases/pa_005b_gap_limit_triplet.rs	172, 214	mark_index_used on boundary, gap_limit read	Rewrite against provider pool, or retire if provider doesn't expose mutation
tests/e2e/framework/wallet_factory.rs	1151	Inspect used_indices for Found-026 guard	Rewrite against provider pool

PR #3549 ships with two new wrapper accessors (platform_payment_account_max_derived_index, platform_payment_account_gap_limit) and #[allow(deprecated)] annotations on the un-migratable test sites — see PR for stop-gap details. Once this issue lands, those #[allow(deprecated)] sites can be cleaned up and PA-005b can be rewritten or retired.

Related

• @QuantumExplorer's review on PR fix(platform-wallet): local-ledger ownership guard (V27-007) #3648 (kicked off this work)
• PR fix(platform-wallet): reserve receive address via AddressReservations (Found-026) [backport] #3658 (Found-026 fix) — internally touches the same pool; the deprecated touch goes away when this issue lands
• PR test(platform-wallet): e2e framework + full test suite — triage pins, Found-*/PA-* guards, fail-closed persist, Stage-2 merge #3549 (e2e campaign) — adds stop-gap accessors + suppressions citing this issue

Acceptance criteria

• platform_payment_managed_account is deleted (or whatever subset @QuantumExplorer's removal plan covers)
• All in-tree references to managed_account.addresses (the pool) are gone
• All #[allow(deprecated)] annotations added in test(platform-wallet): e2e framework + full test suite — triage pins, Found-*/PA-* guards, fail-closed persist, Stage-2 merge #3549 referencing this issue are removed
• PA-005b is either rewritten against the modern pool or formally retired with a migration note
• All existing e2e tests still pass

Out of scope

• Persistence of the in-memory mark_index_used flip on hand-out (tracked separately in register_wallet: partial-commit on restore-phase failure (persisted record orphaned) #3736)
• Two-phase commit / atomicity of register_wallet (tracked in register_wallet: partial-commit on restore-phase failure (persisted record orphaned) #3736)

_{🤖 Co-authored by Claudius the Magnificent AI Agent}

[Claudius-Maginificent]

Closing — this duplicated tracking that lives on @QuantumExplorer's side (deprecation plan noted on PR #3648 review). The stop-gap suppressions on PR #3549 will reference his #3648 comment directly instead of this issue. Sorry for the noise.

_{🤖 Co-authored by Claudius the Magnificent AI Agent}