Institutional Vault Release v2.7.0

Institutional Vault: v2.7.0
Policy Nodes: v8.27.2
NATS: v2.7.0
configmap-init: v0.1.0

Asset and chain identification:
- Add Asset and address registration flows now identify assets with CAIP-19 values obtained from /api/supported-assets.
- The Add Asset dialog populates the blockchain dropdown dynamically from /api/supported-chains instead of a hardcoded list, displaying each chain with its protocol, network, and CAIP-2 identifier.
- Transfer, call-contract, and deploy-contract paths accept CAIP-19 wherever an asset must be specified.
- CAIP-19 columns added to addresses, address balances, assets, and transactions tables with a backfill script for existing data.
- Token balances and transactions are now supported on Canton for any CIP-56 HoldingV1 instrument, not just native Canton Coin.

Policy workflow:
- An Inflight Operations tab in the Policy V2 interface surfaces pending restriction updates that are awaiting approval.

Wallet UI:
- Token icons display native network badges in cold wallet transactions.
- Client-provided crypto icon overrides are supported with backend and default fallback behavior.
- Asset icons are cached in memory after first load, eliminating repeated network requests when scrolling transaction lists.
- Transfer fee rate input is temporarily hidden and FeeRate is optional in transfer requests.
- ETH Sepolia and Hoodi are grouped together on the exchange rate page.
- WalletConnect is deprecated.

Wallet and authentication:
- OIDC callback handling is hardened and auth-dependent requests are deferred until login completes.
- Native token transfers with zero amount to an external address are handled correctly.

Audit and operations:
- Audit logs include resolved wallet addresses, account names, and contract function names (mint, burn, freeze, unfreeze, pause, unpause, clawback) for transfer-family operations.
- Unknown Policy Nodes operations are now captured in audit logs.

Deployment and configuration:
- Azure init jobs are reworked into containers with Go binaries.
- The configurator supports a configurable log level and images are pushed to the blockdaemon/iv/ registry path.
- EVM trackers support a configurable env field.

Policy Nodes:
- Canton raw signing proceeds against applicable rules when a submission references a previously unseen package identifier instead of failing solely for that reason.
- Addresses are resolved to master keys and account names in transaction intents.
- Transaction intents can carry decoded raw transaction context for clearer approver and consumer visibility.
- Restriction function names for Freeze, Unfreeze, Pause, and Clawback are simplified by removing the DTC prefix.

- POST /api/vaults/{id}/addAsset now accepts a single CAIP19 string. Replace the previous L1Protocol, Network, and Asset fields with the matching CAIP-19 from /api/supported-assets.
- POST /api/assets/addAddress requires the CAIP19 field on every request body.
- Update transfer and smart-contract clients to supply CAIP-19 wherever an asset is required. See the bundled CAIP-19 migration guide for common mappings and a checklist.