fix(specs): align validate_owner harness with processor logic

[Stevengre]

Summary

This updates the shared validate_owner harness to mirror Processor::validate_owner: iterate only over multisig.signers[..multisig.n], track matched positions, and count unique signer matches.

Context

The shared harness diverged from the processor logic in two places: it iterated over all signer slots, and it counted matches without the processor's matched[position] deduplication. That mismatch kept multisig proofs exploring signer-equality branches that the real processor would already have discharged.

Red vs Green

Red:

• The harness scanned every signer slot and counted matches differently from Processor::validate_owner.
• test_process_revoke_multisig kept its frontier inside validate_owner signer/key equality.

Green:

• The harness now follows the processor's loop bounds and match counting exactly.
• The signer/key-equality frontier moves past the harness mismatch and exposes the next real semantic blocker.

References

• Repository reference implementation:
  • program/src/processor.rs::validate_owner