Refactor crypto package to use p256k1 signer

- Replaced the p256k package with p256k1.mleku.dev/signer across the codebase, updating all instances where the previous signer was utilized.
- Removed the deprecated p256k package, including all related files and tests, to streamline the codebase and improve maintainability.
- Updated various components, including event handling, database interactions, and protocol implementations, to ensure compatibility with the new signer interface.
- Enhanced tests to validate the new signing functionality and ensure robustness across the application.
- Bumped version to v0.23.3 to reflect these changes.

scripts/run-policy-filter-test.sh

@@ -38,13 +38,13 @@ package main
 import (
 	"encoding/json"
 	"fmt"
-	"next.orly.dev/pkg/crypto/p256k"
+	p256k1signer "p256k1.mleku.dev/signer"
 	"next.orly.dev/pkg/encoders/hex"
 )
 
 func main() {
 	// Generate allowed signer
-	allowedSigner := &p256k.Signer{}
+	allowedSigner := p256k1signer.NewP256K1Signer()
 	if err := allowedSigner.Generate(); err != nil {
 		panic(err)
 	}
@@ -52,7 +52,7 @@ func main() {
 	allowedSecHex := hex.Enc(allowedSigner.Sec())
 
 	// Generate unauthorized signer
-	unauthorizedSigner := &p256k.Signer{}
+	unauthorizedSigner := p256k1signer.NewP256K1Signer()
 	if err := unauthorizedSigner.Generate(); err != nil {
 		panic(err)
 	}

scripts/test-workflow-act.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+# Run GitHub Actions workflow locally using act
+# Usage: ./scripts/test-workflow-local.sh [job-name]
+#   job-name: optional, defaults to 'build'. Can be 'build' or 'release'
+
+set -e
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+WORKFLOW_FILE="${SCRIPT_DIR}/../.github/workflows/go.yml"
+JOB_NAME="${1:-build}"
+
+# Check if act is installed
+if ! command -v act >/dev/null 2>&1; then
+    echo "Error: 'act' is not installed"
+    echo "Install it with:"
+    echo "  curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash"
+    echo "  # or on macOS: brew install act"
+    exit 1
+fi
+
+echo "=== Running GitHub Actions workflow locally ==="
+echo "Workflow: .github/workflows/go.yml"
+echo "Job: $JOB_NAME"
+echo ""
+
+case "$JOB_NAME" in
+    build)
+        echo "Running build job..."
+        act push --workflows "$WORKFLOW_FILE" --job build
+        ;;
+    release)
+        echo "Running release job (simulating tag push)..."
+        # Simulate a tag push event with a valid tag format
+        # The workflow requires build to run first and succeed
+        echo "Step 1: Running build job (required dependency)..."
+        if ! act push --workflows "$WORKFLOW_FILE" --job build; then
+            echo "Error: Build job failed. Release job cannot proceed."
+            exit 1
+        fi
+        
+        echo ""
+        echo "Step 2: Running release job..."
+        echo "Note: GitHub release creation may fail locally (no valid token), but binary building will be tested"
+        # Use a tag that matches the workflow pattern: v[0-9]+.[0-9]+.[0-9]+
+        # Provide a dummy GITHUB_TOKEN to prevent immediate failure
+        # The release won't actually be created, but the workflow will test binary building
+        # Temporarily disable exit on error to allow release step to fail gracefully
+        set +e
+        GITHUB_REF=refs/tags/v1.0.0 \
+        GITHUB_TOKEN=dummy_token_for_local_testing \
+        act push \
+            --workflows "$WORKFLOW_FILE" \
+            --job release \
+            --secret GITHUB_TOKEN=dummy_token_for_local_testing \
+            --eventpath /dev/stdin <<EOF
+{
+  "ref": "refs/tags/v1.0.0",
+  "pusher": {"name": "test"},
+  "repository": {
+    "name": "next.orly.dev",
+    "full_name": "test/next.orly.dev"
+  },
+  "head_commit": {
+    "id": "test123"
+  }
+}
+EOF
+        RELEASE_EXIT_CODE=$?
+        set -e
+        
+        # Check if binary building succeeded (exit code 0) or if only release creation failed
+        if [ $RELEASE_EXIT_CODE -eq 0 ]; then
+            echo "✓ Release job completed successfully (including binary building)"
+        else
+            echo "⚠ Release job completed with errors (likely GitHub release creation failed)"
+            echo "  This is expected in local testing. Binary building should have succeeded."
+            echo "  Check the output above to verify 'Build Release Binaries' step succeeded."
+        fi
+        ;;
+    *)
+        echo "Error: Unknown job '$JOB_NAME'"
+        echo "Valid jobs: build, release"
+        exit 1
+        ;;
+esac
+
+echo ""
+echo "=== Workflow completed ==="
+

scripts/test-workflow-local.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+# Manual test script for .github/workflows/go.yml
+# This replicates the build job steps locally
+
+set -e
+
+echo "=== Testing GitHub Actions Workflow Locally ==="
+echo ""
+
+# Check Go version
+echo "Checking Go version..."
+go version
+echo ""
+
+# Build without cgo
+echo "Building with cgo disabled..."
+CGO_ENABLED=0 go build -v ./...
+echo ""
+
+# Test without cgo
+echo "Testing with cgo disabled..."
+CGO_ENABLED=0 go test -v $(go list ./... | xargs -n1 sh -c 'ls $0/*_test.go 1>/dev/null 2>&1 && echo $0' | grep .)
+echo ""
+
+echo "=== Build job completed successfully ==="
+