
Fix: AnyTrust: preserve recorded keyset-tree preimages on discarded batches#4636

Open
uprotocore wants to merge 2 commits into OffchainLabs:master from chunknet:fix-validation-dropped-preimages

Conversation

@uprotocore

Problem

When an AnyTrust node is run with the staker block validator enabled, validation can get stuck around a “poison” / invalid-data batch:

  • the AnyTrust batch recovery path fetches and records the DAC keyset-tree (dastree) preimages,
  • then it determines the Data Availability Certificate is invalid and discards the payload,
  • but it returns preimages=nil, dropping the recorded keyset-tree preimages,
  • the WASM validator later requests those typed preimages and fails with “missing requested preimage”.

Because block-by-block validation must be deterministic (no network fetches during validation), missing keyset/tree preimages can stall validation and prevent assertion confirmation and downstream withdrawal flows.

Fix: never drop recorded preimages on discard

Update daprovider/anytrust/util.recoverPayloadFromBatchInternal to always return the caller-provided preimages map for non-fatal “discard” paths (i.e. cases where payload=nil is an expected outcome), instead of returning preimages=nil.

This ensures any keyset-tree preimages recorded before the discard decision are preserved and can be forwarded to the WASM preimage oracle, allowing validation to deterministically reach the discard decision and continue.

Changes in this PR

  • daprovider/anytrust/util/util.go: return (nil, preimages, nil) on discard branches (too-short message, cert deserialize failure, unsupported cert version, bad signature, and “expires too soon”).
  • daprovider/anytrust/util/util_test.go: add unit tests covering discard-by-bad-signature and discard-by-expires-too-soon, asserting:
    • keyset preimages are recorded and returned,
    • no payload fetch is attempted for discarded batches.

Why this is safe

  • Does not change the discard decision or payload bytes; it only preserves already-recorded preimage side data.
  • Only affects the validation preimage side-channel; nodes not running the block validator are unaffected.
  • Improves determinism: all required preimages are included in the validation input rather than fetched at runtime.

Testing / verification plan

  • Run an AnyTrust node with the block validator enabled against a chain that includes an invalid-cert (“poison”) batch.
  • Confirm validation progresses past the poison point and logs no longer show missing typed preimages.
  • Unit tests: go test ./daprovider/anytrust/util -run TestRecoverPayloadFromBatch -count=1 (pass)

Out of scope

  • Alternative Fix (reordering the “expires too soon” check earlier to avoid unnecessary keyset fetch/signature work) is intentionally not included in this PR.
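Added illustration of the discard-path contract the description above specifies; this is not the PR's or Nitro's own code. A hypothetical recoverPayload stand-in records a keyset preimage, then hits a discard branch: with preserve=false it reproduces the old behaviour (preimages=nil on discard), with preserve=true the caller-provided map comes back untouched, and in both cases the payload fetch never runs. The names cert, Preimages, recordKeyset and recoverPayload are invented for this example.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Preimages maps a hash to the bytes behind it: the side data the block
// validator replays instead of fetching from the DAC during validation.
type Preimages map[[32]byte][]byte

// cert is a hypothetical, minimal stand-in for a Data Availability Certificate.
type cert struct {
	keyset    []byte // serialized committee keyset (constructed sample)
	expiresAt uint64 // time after which the cert is no longer honoured
	sigValid  bool   // result of the committee-signature check
}

// recordKeyset stands in for recording the DAC keyset-tree (dastree) preimages.
func recordKeyset(keyset []byte, pre Preimages) {
	pre[sha256.Sum256(keyset)] = keyset
}

// recoverPayload mirrors the discard logic the PR describes. fetch stands in for
// the payload fetch and must not run for a discarded batch. preserve=false is the
// old behaviour (preimages=nil on discard); preserve=true is the fix.
func recoverPayload(c cert, now uint64, pre Preimages, fetch func() []byte, preserve bool) ([]byte, Preimages, error) {
	discard := func() ([]byte, Preimages, error) {
		if preserve {
			return nil, pre, nil // fix: recorded preimages survive the discard
		}
		return nil, nil, nil // old behaviour: recorded preimages are dropped
	}
	recordKeyset(c.keyset, pre) // recorded before the certificate is judged
	if !c.sigValid {
		return discard() // bad signature
	}
	if c.expiresAt <= now {
		return discard() // "expires too soon" (threshold simplified here)
	}
	return fetch(), pre, nil
}

func main() {
	ks := []byte("constructed keyset")
	bad := cert{keyset: ks, expiresAt: 100, sigValid: false}
	_, old, _ := recoverPayload(bad, 50, Preimages{}, nil, false)
	_, fixed, _ := recoverPayload(bad, 50, Preimages{}, nil, true)
	fmt.Printf("old: %d preimages, fixed: %d preimages\n", len(old), len(fixed))
}
```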

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@uprotocore
Author

FYI, CLA is signed, but hasn't propagated there for some reason.
