fix: validate LNURL-pay amount

[ovitrif]

Description

This PR:

1. Validates that returned LNURL-pay invoices include an amount.
2. Rejects returned LNURL-pay invoices when the invoice amount differs from the requested amount.
3. Bumps bitkit-core to 0.1.75 and updates generated bindings.

Core release: https://github.com/synonymdev/bitkit-core/releases/tag/v0.1.75

Preview

N/A

QA Notes

Manual Tests

N/A

Automated Checks

• cargo fmt
• cargo test modules::lnurl
• ./build.sh all
• swift package compute-checksum bindings/ios/BitkitCore.xcframework.zip
• git diff --check
• Release asset digest: sha256:9e4c13246dee06e38491d4112029352b60032df54ac7ed885a64375186c6dc3b
• Gradle Package workflow completed for v0.1.75

[coreyphillips]

LGTM!

Only small items that popped up were the following:

1. Dead code from a checked-in reversal

Commit 1 added a LUD-06 description-hash / metadata check; commit 2 removed it. The result is:

• validate_lnurl_pay_invoice's _metadata parameter is now unused, and data.metadata_str is passed through for no reason.
• The public LnurlError::MetadataMismatch variant is now dead API surface in the generated Swift, Kotlin, and Python bindings.
• The renamed test ..._with_different_description now documents that metadata is intentionally not checked.

2. No HTTP timeout on the callback fetch

The callback uses reqwest::get, which creates a client with no request timeout and follows redirects. A malicious or slow callback server can therefore keep the spawned task hanging indefinitely (e.g. via a Slowloris-style response).

[ovitrif]

Thanks @coreyphillips, reason to keep API surface changes smallest was for temporary reasons to not invalidate too much of previous session's testing; more cleanup will follow on this PR before merging it back to master 🙏🏻

Then we can change apps too so they don't need handling of "dead code" like MetadataMismatch error types, and those can go through normal release procedure which allows time to test.