feat: reject NIP-70 protected events

[Anshumancanrock]

Description

Adds rejection logic for NIP-70 protected events in EventMessageHandler.

• Events with a ["-"] tag get rejected with auth-required: this event may only be published by its author (same message the spec uses in its example).
• Kind-6 reposts that embed a protected event in their content are also rejected.
• Placed the check after canAcceptEvent so content-length limits kick in before we JSON.parse repost content.

Related Issue

Part of NIP-70 support. Follows #643 which added the detection utility.

Motivation and Context

NIP-70 says relays MUST reject events with ["-"] by default. Without this, those events just get stored and spread like any other event, which breaks the whole point of the tag. The repost check also covers the case where someone sticks a protected event inside a kind-6 repost body to get around the outer tag check.

How Has This Been Tested?

10 unit tests added to event-message-handler.spec.ts covering:

• Direct protected tag rejection
• Events with no tags / unrelated tags (no false positives)
• Kind-6 repost with embedded protected event
• Kind-6 repost with clean embedded event
• Empty content, invalid JSON content (graceful handling)
• Non-repost kind with JSON content containing ["-"] (should pass through)
• Precedence: a repost that is itself protected hits auth-required before the embed check
• Malformed embedded tags (non-array tags field in parsed JSON)

Screenshots (if appropriate):

N/A

Types of changes

• Non-functional change (docs, style, minor refactor)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my code changes.
• I added a changeset, or this is docs-only and I added an empty changeset.
• All new and existing tests passed.

[changeset-bot]

🦋 Changeset detected

Latest commit: 35f12a9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
nostream	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR