feat: gate RPC network tx submission behind internal auth header

[kkovaacs]

Adds optional internal auth-header support to the shared gRPC client builder, enforces that header in RPC for network-account deployment submissions, and wires ntx-builder to send it when configured. The default name of the header is x-miden-network-tx-auth.

Covers single-tx and batch submission paths, validates operator-supplied auth config cleanly at startup, and adds the future node CLI surface for RPC network-tx auth settings.

Adds the following CLI options to miden-node full and miden-node sequencer:

RPC configuration:
      --rpc.network-tx-auth-header-name <NAME>
          Optional metadata header name for internal network-transaction RPC authentication.

          This only has an effect when `rpc.network-tx-auth-header-value` is also set.

          [env: MIDEN_NODE_RPC_NETWORK_TX_AUTH_HEADER_NAME=]
          [default: x-miden-network-tx-auth]

      --rpc.network-tx-auth-header-value <VALUE>
          Optional metadata header value for internal network-transaction RPC authentication

          [env: MIDEN_NODE_RPC_NETWORK_TX_AUTH_HEADER_VALUE=]

And miden-ntx-builder gets added the following new CLI options:

      --rpc.auth-header-name <NAME>
          Optional metadata header name for authenticating internal RPC requests

          [env: MIDEN_NODE_NTX_BUILDER_RPC_AUTH_HEADER_NAME=]
          [default: x-miden-network-tx-auth]

      --rpc.auth-header-value <VALUE>
          Optional metadata header value for authenticating internal RPC requests

          [env: MIDEN_NODE_NTX_BUILDER_RPC_AUTH_HEADER_VALUE=]

Closes #2131

[Mirko-von-Leipzig]

LGTM modulo removing the header name config

[Mirko-von-Leipzig]

You may be able to embed this directly into the clap type since it impls from_str

[kkovaacs]

Done in 46dd83f