Add signa-spend skill: safely fund a Bankr agent (spend mandates + x402) #470

Open
codexvritra wants to merge 1 commit into BankrBot:main from codexvritra:add-signa-spend

@codexvritra

Contributor

Companion to the signa skill (thanks for merging that one 🙏). This adds signa-spend — the agentic-commerce trust rail, so a Bankr agent can be funded and spend on its own safely.

The flow, all wallet-signed and keyless:

  1. A human wallet-signs a bounded budget — total limit + max-per-purchase + expiry (a spend mandate). Authorization, not custody.
  2. The agent records each purchase against it, checked against both caps (per-tx + total, append-only ledger). Over budget returns 409 with exactly how short it is.
  3. The agent wallet-signs a budget request when it runs dry — the "agent asks for money" primitive — and the human answers with a fresh mandate.
  4. Each purchase gets a verifiable x402 receipt (request → terms → EIP-3009 authorization → delivery).
  5. The brain can be metered the same way (mandate_id) — it pays for its own inference within the budget and stops instead of overspending.

Security: ships with the same model as the signa skill — every response is treated as untrusted data, signatures verified against an expected-signer allowlist (grantor / agent / attestor / gateway / brain), fail-closed on mismatch, ±5min timestamp window, replay protection, least-privilege (deny-by-default, only a human signs a mandate). The only wallet ops are an EIP-191 personal_sign of a readable string and an EIP-3009 authorization with an explicit amount/recipient/expiry — never a blind transaction. SIGNA never holds funds; settlement is the permissionless x402 step.

One file: signa-spend/SKILL.md + a README row. Every endpoint is live on prod and was verified end-to-end. Happy to tweak anything.

The agentic-commerce trust rail as a companion to the signa skill. A human
wallet-signs a bounded budget (limit + per-tx cap + expiry); the agent
records each spend against it (capped, append-only, EIP-191 signed), pays
providers over x402 with a verifiable receipt, and wallet-signs a budget
request when it runs dry. The brain can be metered the same way. Ships with
the same security model as the signa skill (untrusted-input boundaries,
expected-signer verification, fail-closed, least-privilege). SIGNA never
holds funds — signed authorization, not custody.
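
As an added illustration (not code from this PR or from SIGNA), a local model of the checks the description lists for recording a spend: expected signer, ±5min timestamp window, replay protection, expiry, then the per-purchase and total caps with the shortfall reported on a 409. The field names, the nonce, and every status code other than 409 are assumptions, and `signer` is assumed to be the address already recovered from the EIP-191 signature.

```python
from dataclasses import dataclass, field

WINDOW_S = 300  # the ±5min timestamp window named in the description

@dataclass
class Mandate:
    agent: str          # expected signer for spend records (allowlist of one)
    limit: int          # total budget, smallest currency unit
    max_per_tx: int     # per-purchase cap
    expires_at: int     # unix seconds
    ledger: list = field(default_factory=list)   # append-only spend records
    nonces: set = field(default_factory=set)     # request nonces already accepted

def record_spend(m, signer, amount, nonce, ts, now):
    """Return (status, detail); any failed check rejects and writes nothing.

    Only the 409 for over-budget comes from the description; the other
    status codes are illustrative assumptions.
    """
    if signer.lower() != m.agent.lower():
        return 401, "unexpected signer"
    if abs(now - ts) > WINDOW_S:
        return 400, "timestamp outside window"
    if nonce in m.nonces:
        return 400, "replayed nonce"
    if now >= m.expires_at:
        return 403, "mandate expired"
    if amount <= 0:
        return 400, "amount must be positive"
    if amount > m.max_per_tx:
        return 409, {"cap": "per_tx", "short_by": amount - m.max_per_tx}
    spent = sum(entry["amount"] for entry in m.ledger)
    if spent + amount > m.limit:
        return 409, {"cap": "total", "short_by": spent + amount - m.limit}
    m.nonces.add(nonce)
    m.ledger.append({"amount": amount, "nonce": nonce, "ts": ts})
    return 200, {"remaining": m.limit - spent - amount}

def demo():
    # Constructed sample values, not real addresses or amounts.
    now = 1_700_000_000
    m = Mandate(agent="0xAGENT", limit=1000, max_per_tx=400, expires_at=now + 3600)
    results = [
        record_spend(m, "0xagent", 300, "n1", now, now),       # accepted
        record_spend(m, "0xagent", 300, "n1", now, now),       # replay of n1
        record_spend(m, "0xagent", 500, "n2", now, now),       # over per-purchase cap
        record_spend(m, "0xagent", 400, "n3", now, now),       # accepted
        record_spend(m, "0xagent", 400, "n4", now, now),       # over total limit
        record_spend(m, "0xOTHER", 10, "n5", now, now),        # signer not expected
        record_spend(m, "0xagent", 10, "n6", now - 301, now),  # stale timestamp
    ]
    return results, len(m.ledger)
```

Rejected requests leave the ledger and nonce set untouched, so a caller can confirm fail-closed behaviour by checking that only the two accepted spends were written.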

2 participants