cardano-testnet: Wrap env into opaque TestnetEnv type with smart constructors

[palas]

Problem

Currently, cardanoTestnet receives a Conf (which is essentially a FilePath plus flags). There is no validation that the directory contains a valid environment — if files are missing or malformed, the error surfaces deep in the runtime as a confusing read/parse failure.

Proposed fix

Define an opaque TestnetEnv type that can only be constructed through validated smart constructors:

-- | A validated testnet environment, ready for cardanoTestnet.
-- Only constructable via createTestnetEnv or loadTestnetEnv.
data TestnetEnv = TestnetEnv
  { envPath     :: TmpAbsolutePath
  , envManifest :: TestnetEnvManifest
  , envConfig   :: KeyMap Aeson.Value
  }
-- No exported constructor.

-- | Create env from scratch (used by create-env and direct cardano)
createTestnetEnv :: EnvCreationOptions -> GenesisOptions -> ... -> m TestnetEnv

-- | Load env from disk (used by cardano --node-env)
loadTestnetEnv :: FilePath -> m TestnetEnv

cardanoTestnet then takes TestnetEnv instead of Conf:

cardanoTestnet :: RuntimeOptions -> TestnetEnv -> m TestnetRuntime

loadTestnetEnv validates the directory (checks that required files exist, reads and validates the manifest) and fails early with a clear error.

Depends on

• cardano-testnet: Add TestnetEnvManifest to systematise cross-phase data passing #6461 (TestnetEnvManifest)
• cardano-testnet: Default to UpdateTimestamps in the UserProvidedEnv branch #6455 (UpdateTimestamps default)
• cardano-testnet: Recompute genesis hashes in configuration.yaml if missing #6456 (genesis hashes recomputation)

Type: Refactoring

Effort: Medium (~100 lines: new type, smart constructors, update cardanoTestnet signature, update tests and createAndRunTestnet)

Risk: Medium (wider API change — tests and integration code need updating)