fix(ttx): avoid GetSigner for remote identities via IsMe gate

[atharrva01]

Closes #1226

Every token transfer has a list of signer identities -- some local, some remote. Before this fix, requestSignatures() was calling GetSigner() on every identity unconditionally.

For regular X.509 identities that's a cheap failure. For idemix pseudonyms it's not: GetSigner() internally calls DeserializeSigningIdentity(), which generates a real cryptographic signature as a liveness check -- even for remote identities that will just fail anyway. In a multi-party transfer, this adds up.

The fix

I gated GetSigner() behind IsMe():

// Before
if signer, err := sigService.GetSigner(ctx, signerIdentity); err == nil { … }

// After
if sigService.IsMe(ctx, signerIdentity) {
    signer, err := sigService.GetSigner(ctx, signerIdentity)
    …
}

IsMe() uses an in-memory cache + lightweight DB lookup -- no crypto, no key deserialization. Remote identities are filtered out before any crypto is touched. The rest of the flow (owner-wallet check, remote signing) is unchanged.

Testing

Added TestRequestSignatures_RemoteIdentity_SkipsGetSigner -- sets up a remote identity, configures IsMe() to return false, and asserts GetSigner call count stays at zero. All existing token/services/ttx/... tests pass.

[atharrva01]

hi @adecaro , I gated GetSigner() behind IsMe() to skip unnecessary idemix crypto costs for remote identities.

[adecaro]

Hi @atharrva01 , thank you for submitting this and sorry for the late reply 🙏

I'll review ASAP. I'm curious to look at your approach more carefully 😄

[adecaro]

Hi @atharrva01 , apologies for this late reply. I just want to double check the semantic.
I'm not sure if we are solving the problem. That code that uses the signatures might still be needed.

[atharrva01]

Hi @adecaro! You're right to flag this.

The issue is that IsMe() relies on GetExistingSignerInfo, which only tracks identities where StoreSignerInfo was previously called, and that only happens inside a successful GetSigner(). RegisterIdentityDescriptor (called at wallet init) writes to a separate table and populates the in-memory cache, but not the signer-info row. So after a restart, IsMe() can return false for a locally-owned identity that hasn't been through GetSigner() in the current process, causing the gate to skip local signing incorrectly.

I fixed it by calling StoreSignerInfo inside RegisterIdentityDescriptor when the descriptor has a signer, so IsMe() stays accurate across restarts.

Also, for idemixnym identities specifically, DeserializeSigner calls GetSignerInfo first and fails fast before any crypto for remote identities, so the expensive sign-and-verify was only being hit for raw idemix, not pseudonyms. The gate still cuts that cost.

All identity and ttx tests pass.