fix(replication): require aged repair hints before audits

[mickvandijke]

What this changes

The PR changes audit eligibility for replica chunks.

Previously, once this node had sent a peer a repair hint for a chunk, that peer could become audit-eligible for that chunk after the existing later sync-epoch gate.

Now, the repair hint must satisfy both conditions before the peer can be audited for that chunk:

1. The hint was recorded in an earlier local sync epoch.
2. The hint is at least 1 hour old.

Concretely:

• Adds REPAIR_HINT_MIN_AGE = 1 hour.
• Stores the local Instant when a repair hint is recorded as sent.
• Updates has_mature_replica_hint to require elapsed time >= 1 hour.
• Applies the same maturity check to normal audits and prune-confirmation audits.
• Keeps production timestamp recording internal, so callers cannot spoof the send time.
• Adds tests covering fresh hints being rejected and old hints being accepted.

This prevents this failure mode: we send a peer a repair hint for chunk K, then immediately audit that peer for K before it had a fair chance to fetch/store it.

Tests

• cargo fmt --all -- --check
• cargo test repair_proofs --lib
• cargo test audit_key_filter_retains_stable_proofs_and_rejects_evicted_peers --lib
• cargo clippy --all-targets --all-features -- -D warnings
• cargo test --features test-utils --test e2e test_prune_pass_requires_remote_confirmation_before_delete -- --nocapture