[runtime] add flow trace ids to signed receipts

[GsCommand]

Motivation

• Provide a real execution trace model so multi-step flows share one trace_id while each step has a unique receipt_id and all proof fields remain verifiable and present in signed receipts.
• Ensure the runtime returns a frontend-safe execution trace (ordered steps + final receipt) without breaking existing signing or verification contracts.

Description

• Generate or reuse a flow-level trace_id with makeTraceId() and create unique per-step IDs via makeFlowReceiptId(), and accept these in makeReceipt({ ..., traceId, receiptId }) so they are included in metadata and metadata.proof where appropriate (server.mjs).
• Preserve deterministic signing by calling signReceiptEd25519Sha256 from @commandlayer/runtime-core unchanged, then mirror the runtime-level receipt_id/trace_id into receipt.metadata and receipt.metadata.proof after signing to keep verification consistent (server.mjs).
• Add top-level response fields in wrapReceiptResponse to return trace_id, an ordered steps list of { step, receipt }, and final_receipt while still returning the existing receipt and runtime_metadata to remain backward compatible (server.mjs, README.md).
• Update tests to validate new behavior and formats, including single-step and multi-step chain flows reusing trace_id, unique receipt_id per step, and unchanged signature/hash verification (runtime/tests/runtime-signing.test.mjs, tests/smoke.mjs).

Testing

• Ran syntax check with npm run check, which passed successfully.
• Ran unit tests with npm run test:unit, which passed all tests (19 tests, all OK) including updated signing/chain assertions.
• Ran end-to-end smoke with node tests/smoke.mjs, which passed and confirmed the frontend-facing trace_id, steps, final_receipt, per-step receipt_id format, and successful /verify checks.

---

Codex Task