[WIP] feat(lightning): add CLN RPC #903

Open
b-l-u-e wants to merge 1 commit into cashubtc:main from b-l-u-e:feat/lightning-cln-rpc

@b-l-u-e
Contributor

@b-l-u-e b-l-u-e commented Feb 24, 2026

  • CLNRPCWallet in cashu/lightning/cln_rpc.py (JSON-RPC over Unix socket)
  • CLNRPCFundingSource in settings; export in lightning __init__
  • Tests in tests/mint/test_mint_lightning_cln_rpc.py
  • .env.example: add CLNRPCWallet to supported list and MINT_CLN_RPC_* vars

This closes #519

- CLNRPCWallet in cashu/lightning/cln_rpc.py (JSON-RPC over Unix socket)
- CLNRPCFundingSource in settings; export in lightning __init__
- Tests in tests/mint/test_mint_lightning_cln_rpc.py
- .env.example: add CLNRPCWallet to supported list and MINT_CLN_RPC_* vars

Signed-off-by: b-l-u-e <winnie.gitau282@gmail.com>
@callebtc
Collaborator

I love this PR

@b-l-u-e b-l-u-e marked this pull request as ready for review March 22, 2026 17:38
@a1denvalu3
Collaborator

The most serious vulnerability in the feat/lightning-cln-rpc branch is a Zero Division Error leading to a Denial of Service (DoS) in the pay_invoice method of CLNRPCWallet.

When a user requests a MeltQuote with is_mpp=True and mpp_amount=0, the get_payment_quote method creates a quote with amount=0. When the user subsequently pays this quote, the pay_invoice method calculates fee_limit_percent by dividing by quote_amount_msat (which is 0):

quote_amount_msat = Amount(Unit[quote.unit], quote.amount).to(Unit.msat).amount
fee_limit_percent = fee_limit_msat / quote_amount_msat * 100  # ZeroDivisionError

This raises a ZeroDivisionError, crashing the payment process and returning an HTTP 500 error. An attacker can repeatedly trigger this to cause a DoS.

Exploit PoC:

  1. Create a valid Bolt11 invoice.
  2. Request a MeltQuote via POST /v1/melt/quote with is_mpp=True and mpp_amount=0.
  3. Pay the resulting quote via POST /v1/melt.
  4. The server crashes with a ZeroDivisionError in cln_rpc.py.

Additionally, there is a severe functional bug breaking all Multi-Part Payments (MPP):
In pay_invoice, the code uses params["partial_msat"] = quote_amount_msat. However, Core Lightning's pay RPC does not accept a partial_msat parameter (it expects amount_msat). This causes Core Lightning to reject any MPP payment with an "Unknown parameter" error, rendering the MPP functionality completely broken.
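
An added example (not code from this PR or from the cashu code base) of guarding the division described in the review comment above: reject a non-positive amount when the quote is created, and check again at payment time so a bad stored quote yields a client error instead of an unhandled ZeroDivisionError. `MeltQuoteRequest`, `QuoteValidationError`, `quote_amount_msat()` and both `fee_limit_percent*` functions are hypothetical names, and the rule that an MPP part cannot exceed the invoice amount is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


class QuoteValidationError(ValueError):
    """Client error: map to an HTTP 4xx response, never an unhandled 500."""


@dataclass(frozen=True)
class MeltQuoteRequest:  # hypothetical stand-in for the mint's request model
    invoice_amount_msat: int
    is_mpp: bool = False
    mpp_amount_msat: Optional[int] = None


def quote_amount_msat(req: MeltQuoteRequest) -> int:
    """Validate at quote creation so a zero-amount quote is never stored."""
    if req.invoice_amount_msat <= 0:
        raise QuoteValidationError("invoice amount must be positive")
    if not req.is_mpp:
        return req.invoice_amount_msat
    part = req.mpp_amount_msat
    if part is None or part <= 0:
        raise QuoteValidationError("mpp amount must be positive")
    if part > req.invoice_amount_msat:  # assumption: a part cannot exceed the invoice
        raise QuoteValidationError("mpp amount exceeds invoice amount")
    return part


def fee_limit_percent_unchecked(fee_limit_msat: int, amount_msat: int) -> float:
    # Same arithmetic as the two lines quoted in the review comment.
    return fee_limit_msat / amount_msat * 100


def fee_limit_percent(fee_limit_msat: int, amount_msat: int) -> float:
    """Payment-time check: covers quotes stored before validation existed."""
    if amount_msat <= 0:
        raise QuoteValidationError("quote amount must be positive")
    if fee_limit_msat < 0:
        raise QuoteValidationError("fee limit must not be negative")
    return fee_limit_msat / amount_msat * 100
```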

Projects

Status: Backlog

Development

Successfully merging this pull request may close these issues.

[Mint] Feature request: use LND and CLN RPC backends (instead of only REST)