refactor: derive deploy salt from canonical XDR(owner)

[aguilar1x]

Summary

derive_salt hashed owner.to_string() (StrKey display text) into a fixed 56-byte buffer. This ties the deterministic vault address to a display encoding and contradicts the README, which documents the preimage as raw owner address bytes.

This PR hashes the owner's canonical XDR serialization (Address::to_xdr) instead, and documents the exact preimage in the README.

deploy_salt   = keccak256( user_salt (32 bytes) || XDR(owner) )
vault_address = hash( factory_address || deploy_salt )

Why

• An off-chain client precomputing a vault address naturally produces canonical XDR bytes, not the StrKey string — the old code would make precomputed and on-chain addresses diverge.
• Aligns the contract with what the README already promised (owner_address_bytes).
• Removes the fragile fixed [u8; 56] buffer assumption.

Safety

Safe to change now: no off-chain client precomputes addresses yet, and no production vaults are deployed. Changing the derivation only affects addresses for a given (owner, salt) going forward.

[coderabbitai]

Warning

Review limit reached

@aguilar1x, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 9 minutes and 35 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eb7ba17c-c44a-4a0c-8f95-0fb2d90145de

📥 Commits

Reviewing files that changed from the base of the PR and between a3706c1 and ed3c899.

📒 Files selected for processing (2)

• contracts/vc-vault-factory/README.md
• contracts/vc-vault-factory/src/contract.rs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/derive-salt-xdr

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}