[CT-02] Implement POST /revoke in Rust verifier — record document revocation on Stellar

[mftee]

Overview

POST /revoke in the Rust verifier always returns 404 Not Found with the message "Revoke not implemented". Revocation is a critical feature for land documents — a document may be superseded, found fraudulent, or replaced. Once revoked, any public verification check on the document should return its revoked status.

Background

File: contract/src/lib.rs — revoke_handler() (currently returns 404)

Revocation approach on Stellar:
Stellar's ManageData operation can clear a data entry by setting its value to None. However, clearing the anchor removes all evidence of the original record. A better approach is to write a new ManageData entry with a revocation key:

• Key: "revoked_" + &hash[..56] (max 64 bytes)
• Value: { revokedAt: ISO timestamp, reason } serialized to bytes

This preserves the original doc_ entry while adding a revocation marker.

Request body: { hash: string, publicKey: string, reason: string }

Redis cache update: After a successful revocation, update the cached verification result for this hash to include { revoked: true, revokedAt }.

Acceptance Criteria

• POST /revoke writes a revocation ManageData entry on Stellar
• Revocation key format: "revoked_" + hash[:56]
• Returns { txHash, ledger, revokedAt } on success
• Redis cache for stellar:verify:{hash} is updated to reflect revocation
• GET /verify/:hash returns { verified: true, revoked: true, revokedAt } for a revoked hash
• Returns 404 if the hash has no prior anchor record (cannot revoke what was never anchored)