Add WASM determinism test asserting byte-identical builds across two clean toolchains #1200

@Baskarayelu

Description

Stellar mainnet auditors rely on reproducible WASM artifacts. Add a CI job that builds quicklendx-contracts twice in fresh containers with a locked toolchain (rust-toolchain.toml) and asserts the resulting .wasm hashes match. Diverging hashes signal non-determinism (build-time clocks, parallel codegen ordering) that would block a credible audit.

Requirements and context

  • Secure: build job runs in isolated container; cache disabled to expose non-determinism.
  • Tested: two builds compared via sha256.
  • Documented: docs/reproducible-builds.md.
  • Reference: Cargo.toml, scripts/check-wasm-size.sh.

Suggested execution

git checkout -b feature/wasm-reproducible-build

  • Add scripts/reproducible-build.sh running two clean builds and diffing hashes.
  • CI workflow invoking the script.
  • Docs: docs/reproducible-builds.md.
  • Rust doc comments only where new helper modules are added.
  • Validate that the lockfile, toolchain, and codegen units are pinned.

Test and commit

Run bash scripts/reproducible-build.sh locally and capture both hashes. Include a note that any future divergence blocks release.

Example commit message

ci(wasm): assert byte-identical builds across two clean toolchain runs

Guidelines

  • Minimum 95% test coverage
  • Clear documentation in docs/reproducible-builds.md
  • Timeframe: 96 hours
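
A sketch of the two-build comparison requested above, as an added example that is not part of the issue or the project's code. It assumes a Linux runner with sha256sum, a wasm32-unknown-unknown target and the BUILD_CMD default shown, with the CI job starting it inside the fresh container; all function names are hypothetical.

```sh
#!/bin/sh
# Added example (not the project's script). Assumptions: rustup honours
# rust-toolchain.toml, and BUILD_CMD is the build the CI container would run.
set -eu
BUILD_CMD="${BUILD_CMD:-cargo build --locked --release --target wasm32-unknown-unknown}"

# Fail early unless the lockfile, toolchain file and codegen-units setting are present.
check_pins() {  # $1 = source directory
  [ -f "$1/Cargo.lock" ] || { echo "missing Cargo.lock" >&2; return 1; }
  [ -f "$1/rust-toolchain.toml" ] || { echo "missing rust-toolchain.toml" >&2; return 1; }
  grep -q '^ *codegen-units *=' "$1/Cargo.toml" || { echo "codegen-units not pinned" >&2; return 1; }
}

# Print "<sha256>  <relative path>" for every .wasm file under $1, sorted by path.
wasm_manifest() {
  ( cd "$1" && find . -type f -name '*.wasm' | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "$f"; done )
}

# Return 0 only if both trees hold the same .wasm files with identical hashes.
compare_builds() {  # $1, $2 = output trees of the two builds
  _m1="$(wasm_manifest "$1")"
  _m2="$(wasm_manifest "$2")"
  if [ -z "$_m1" ]; then
    echo "no .wasm artifacts under $1; refusing to pass an empty comparison" >&2
    return 2
  fi
  if [ "$_m1" != "$_m2" ]; then
    printf 'non-deterministic build\nfirst:\n%s\nsecond:\n%s\n' "$_m1" "$_m2" >&2
    return 1
  fi
  printf '%s\n' "$_m1"
}

# Copy the sources to a fresh directory and build with a private, empty target dir.
build_once() {  # $1 = source directory, $2 = empty work directory
  cp -R "$1" "$2/src"
  ( cd "$2/src" && CARGO_TARGET_DIR="$2/target" CARGO_INCREMENTAL=0 sh -c "$BUILD_CMD" )
}

reproducible_build() {  # $1 = source directory
  check_pins "$1"
  work="$(mktemp -d)"
  for n in 1 2; do mkdir "$work/$n"; build_once "$1" "$work/$n"; done
  compare_builds "$work/1/target" "$work/2/target"
}

# Run only when a source directory is given, e.g.: sh reproducible-build.sh .
[ "$#" -eq 0 ] || reproducible_build "$@"
```

Exit status 1 means the two manifests differ, and 2 means the first build produced no .wasm files, so an empty comparison cannot pass silently.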

Labels

security (Security hardening and audits), smart-contract (Soroban/Rust smart contract work), soroban (Stellar Soroban specific), testing (Tests and coverage)