fix: resolve signed integer overflow UB in CoinJoin priority and timeout

CalculateAmountPriority in common.h could overflow when assigning a
negated int64_t division result to an int return type with extreme
CAmount values. Add a MoneyRange guard to return 0 for out-of-range
inputs, as CoinJoin amounts are always within valid money range.

IsTimeOutOfBounds in coinjoin.cpp could overflow on signed subtraction
when current_time and nTime are extreme values. Add a guard rejecting
negative timestamps (which are always invalid) so the original
subtraction logic is safe for all remaining non-negative inputs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: thepastaclaw

src/coinjoin/coinjoin.cpp

@@ -57,6 +57,7 @@ bool CCoinJoinQueue::CheckSignature(const CBLSPublicKey& blsPubKey) const
 
 bool CCoinJoinQueue::IsTimeOutOfBounds(int64_t current_time) const
 {
+    if (current_time < 0 || nTime < 0) return true;
     return current_time - nTime > COINJOIN_QUEUE_TIMEOUT ||
            nTime - current_time > COINJOIN_QUEUE_TIMEOUT;
 }

src/coinjoin/common.h

@@ -127,6 +127,7 @@ constexpr int CalculateAmountPriority(CAmount nInputAmount)
     }
 
     //nondenom return largest first
+    if (nInputAmount < 0 || nInputAmount > MAX_MONEY) return 0;
     return -1 * (nInputAmount / COIN);
 }