[Dijkstra] phase-1 check: requiredTopLevelGuards in top-level guards

[williamdemeo]

Problem

CIP-0118 says ledger must enforce that guard hashes/credentials required by subTxs are present in the top-level guards list.

Implement

• Define predicate: requiredTopLevelGuardsSatisfied : TopLevelTx → List SubTx → Type
• Make phase-1 fail if this is violated.

Acceptance criteria

• The new code type-checks.
• The phase-1 check exists in the validation pipeline (where other structural checks live).
• Clear error/lemma boundary: "this is a phase-1 condition."