Unify signing identity resolution across all transport callers

Background

Every command that calls HttpTransport must pass a SigningIdentity resolved against the actual target remote URL, not the repo's default hub URL. The two can differ — e.g. when a named remote points to staging while the repo's [hub] url is localhost:1337.

ls-remote had a concrete bug (HTTP 401 on staging): it called get_signing_identity(root) before resolving the remote URL, so it looked up the key for localhost instead of staging.musehub.ai. Fix shipped in feat/test-merge-6. Remaining callers need auditing.

Callers and current pattern

ls_remote.py — get_signing_identity(root, remote_url=url) after URL resolution — FIXED fetch.py — get_signing_identity(root, remote_url=url) — correct clone.py — get_signing_identity(root, remote_url=url) — correct pull.py — get_signing_identity(root) no remote_url — needs audit push.py — get_signing_identity(root) no remote_url — needs audit release.py — needs audit domains.py — needs audit

Also spotted

proposalType from the hub still returns 'state_merge' — legacy value not covered by migration 0070 which only handled mergeStrategy. Needs its own migration and enum cleanup.

Phases

1. Audit all callers — document which ones omit remote_url.
2. Fix callers — resolve URL first, then get_signing_identity(root, remote_url=url). Regression tests per TestSigningIdentityForwarding pattern.
3. proposalType cleanup — migration 0071, rename state_merge to merge. Update enum, service, MCP tools, templates.
4. Integration test — ls-remote, fetch, pull, push against non-default hub URL, assert no 401s.