Network-wide announcements signed by the bootstrap anchor posting id

New primitive: `VisibilityIntent::Announcement`, a public post whose
author MUST be the hardcoded bootstrap anchor posting identity
(`DEFAULT_ANCHOR_POSTING_ID`) and whose content carries an ed25519
signature by that key. Forged announcements (any other author, or
bad signature) are rejected by `control::receive_post` before storage
— they never enter the DB and never propagate via neighbor-manifest
diffs. Only the real anchor can publish announcements, and it does so
sparingly as part of the release deploy flow.

Uses release announcements to drive an in-app upgrade banner:
- Anchor publishes a signed `{category:release, version, channel,
  download_url, ...}` post during every deploy.
- Clients receive it via the normal CDN; `apply_announcement_if_applicable`
  stores the latest-per-category/channel in the settings kv, keyed
  e.g. `announcement:release:stable`.
- Welcome screen checks storage on startup; if the stored release
  version > CARGO_PKG_VERSION on the user's selected channel, a banner
  appears with a Download button that opens the system browser.
- Settings gets "Updates" section with Stable / Beta radio + Check-now
  button + current status line.

Core:
- `DEFAULT_ANCHOR_POSTING_ID: NodeId` constant (32 bytes, the anchor's
  current posting id — `17af141956ae...`).
- New `VisibilityIntent::Announcement` variant; feed filters in all 6
  `get_feed*` / `list_posts*` query sites updated to also exclude the
  new intent AND the pre-existing `GroupKeyDistribute` intent.
- `types::AnnouncementContent` + `ReleaseAnnouncement` structs.
- `crypto::{sign,verify}_announcement` — length-prefixed field digest
  with a "has release" 1-byte flag.
- New `announcement` module with `verify_announcement_post`,
  `apply_announcement_if_applicable`, `latest_release`,
  `build_announcement_post`, and a `StoredAnnouncement` envelope saved
  to settings so the UI can render without a full post scan.
- `Node::publish_announcement` refuses to run unless the default posting
  id equals the anchor constant — accidental use on client installs
  fails loud.

Wire / receive:
- `control::receive_post` verifies announcement signatures upfront
  alongside Control and Profile. Same pattern; same guarantees.

CLI one-shots (no daemon):
- `itsgoin <data_dir> --print-identity` — prints network_id +
  default_posting_id, exits.
- `itsgoin <data_dir> --announce --ann-category release
  --ann-channel stable --ann-version X --ann-title ... --ann-body ...
  --ann-url https://itsgoin.com/download.html` — builds + stores +
  propagates the signed post, exits.

deploy.sh:
- Now runs the announce one-shot inside the anchor-restart window
  (after binary swap, before start). The DB is free during that gap,
  so the one-shot can write without conflicting with the running
  daemon. The restarted daemon loads all storage on boot and serves
  the new announcement to pulling peers.

Tauri IPC:
- `check_release_announcement(channel)` → Option<ReleaseAnnouncementDto>
  — returns None when up-to-date.
- `get_update_channel` / `set_update_channel(channel)` — persists in
  settings kv key `ui_update_channel`; defaults to stable.
- `open_url_external(url)` — desktop-only (xdg-open / open / cmd start);
  refuses non-http(s) URLs. Android needs the opener plugin — TODO.

Frontend:
- Upgrade banner on the welcome screen, populated by
  `loadUpgradeBanner()`. Hidden when no newer release is known.
- Settings → Updates section with Stable/Beta radio + Check-now button
  + current status line.

Tests: announcement signature roundtrip; non-anchor author rejection;
non-announcement intent is a no-op. 124 / 124 core tests pass.

frontend/index.html

@@ -41,6 +41,13 @@
       <div style="text-align:center;padding:2rem 1rem">
         <h2 style="color:#7fdbca;margin-bottom:0.25rem">Welcome back!</h2>
         <p style="color:#e0e0e0;font-size:1.1rem;margin-bottom:0.5rem">How's it goin?</p>
+        <!-- Release upgrade banner: populated by loadUpgradeBanner() when a
+             newer version is announced on the user's selected update channel. -->
+        <div id="upgrade-banner" class="hidden" style="max-width:360px;margin:0 auto 1rem;padding:0.8rem 1rem;border:1px solid #7fdbca;border-radius:8px;background:#0f2a26;text-align:left;font-size:0.9rem">
+          <div id="upgrade-banner-title" style="color:#7fdbca;font-weight:600;margin-bottom:0.3rem"></div>
+          <div id="upgrade-banner-body" style="color:#c0d0c0;font-size:0.82rem;margin-bottom:0.6rem"></div>
+          <button id="upgrade-banner-btn" style="padding:0.5rem 1rem;border:none;border-radius:6px;background:#7fdbca;color:#0a1a18;font-weight:600;cursor:pointer;width:100%">Download upgrade</button>
+        </div>
         <p style="color:#666;font-size:0.8rem;margin-bottom:1.5rem">Connecting and getting updates usually takes a couple minutes.<br>New things we've found so far:</p>
         <div id="welcome-counts" style="display:flex;flex-wrap:wrap;gap:1rem;justify-content:center;color:#888;font-size:0.85rem">
           <div><span id="welcome-connections" style="font-size:1.4rem;font-weight:700;color:#5b8def;display:block">-</span>Connections</div>
@@ -181,6 +188,17 @@
         <div id="circle-profiles-body" class="hidden"><div id="circle-profiles-list"></div></div>
       </div>
 
+      <div class="section-card" style="text-align:center">
+        <h3 style="margin-bottom:0.25rem">Updates</h3>
+        <p class="empty-hint" style="margin-bottom:0.5rem">Network-wide release announcements are signed by the bootstrap anchor and arrive via the CDN. Choose which channel to follow.</p>
+        <div id="update-channel-row" style="display:flex;gap:1rem;justify-content:center;margin-bottom:0.5rem">
+          <label style="cursor:pointer"><input type="radio" name="update-channel" value="stable" id="channel-stable" checked> Stable</label>
+          <label style="cursor:pointer"><input type="radio" name="update-channel" value="beta" id="channel-beta"> Beta</label>
+        </div>
+        <div id="update-status" class="empty-hint" style="font-size:0.8rem"></div>
+        <button id="check-updates-btn" class="btn btn-ghost btn-sm" style="margin-top:0.5rem">Check now</button>
+      </div>
+
       <div class="section-card" style="text-align:center">
         <h3 style="margin-bottom:0.5rem">Identities</h3>
         <div id="identities-list" style="margin-bottom:0.5rem"></div>