Add proof-measure client (public securedBy / measured-immutability service)

proof-measure is a separate, public, unauthenticated Dragonchain service. Adds:
- client.UnauthenticatedClient: HMAC-free transport mirroring Client's
  marshal/decode/error handling.
- proofmeasure.ProofMeasureClient: GetSecurity / Report / Health, default base
  URL https://proof-measure.dragonchain.com; standalone + a DragonchainSDK.ProofMeasure handle.
- models for SecurityResult/RawMeasure/ReportRequest/TransactionReport/etc
  (decimals as strings, timestamps int64).
- httptest unit tests.

proofmeasure/proofmeasure.go

@@ -0,0 +1,78 @@
+// Package proofmeasure is a client for the Dragonchain proof-measure service —
+// the measured-immutability / "securedBy" metric for L1–L5 verification chains.
+//
+// proof-measure is a separate, public, UNauthenticated service (no API keys),
+// so this client takes only a base URL. It exposes a network's accumulated
+// security as both a raw measure (cumulative hashes / stake-seconds) and a USD
+// valuation, plus a per-transaction "securedBy" report over interchain anchors.
+package proofmeasure
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"git.dragonchain.com/dragonchain/prime-sdk-go/client"
+	"git.dragonchain.com/dragonchain/prime-sdk-go/models"
+)
+
+// DefaultBaseURL is the public production proof-measure endpoint.
+const DefaultBaseURL = "https://proof-measure.dragonchain.com"
+
+// ProofMeasureClient calls the proof-measure HTTP API.
+type ProofMeasureClient struct {
+	client *client.UnauthenticatedClient
+}
+
+// NewProofMeasureClient builds a client for the proof-measure service. An empty
+// baseURL defaults to the public production endpoint (DefaultBaseURL).
+func NewProofMeasureClient(baseURL string) *ProofMeasureClient {
+	return NewProofMeasureClientWithHTTPClient(baseURL, nil)
+}
+
+// NewProofMeasureClientWithHTTPClient is like NewProofMeasureClient but routes
+// requests through the caller-supplied *http.Client. A nil hc uses the default.
+func NewProofMeasureClientWithHTTPClient(baseURL string, hc *http.Client) *ProofMeasureClient {
+	if baseURL == "" {
+		baseURL = DefaultBaseURL
+	}
+	return &ProofMeasureClient{
+		client: client.NewUnauthenticatedClientWithHTTPClient(baseURL, hc),
+	}
+}
+
+// GetSecurity returns the security a public network (network = "BTC" or "ETH")
+// has accumulated since the given unix timestamp, as both a raw measure and a
+// USD valuation. A non-positive since omits the parameter, letting the service
+// apply its default window.
+func (pc *ProofMeasureClient) GetSecurity(ctx context.Context, network string, since int64) (*models.SecurityResult, error) {
+	path := fmt.Sprintf("/api/v1/security/%s", network)
+	if since > 0 {
+		path = fmt.Sprintf("%s?since=%d", path, since)
+	}
+	var resp models.SecurityResult
+	if err := pc.client.Get(ctx, path, &resp); err != nil {
+		return nil, err
+	}
+	return &resp, nil
+}
+
+// Report computes the per-transaction "securedBy" report for the supplied
+// interchain anchors: each anchor's raw + USD security since it was placed, plus
+// combined totals.
+func (pc *ProofMeasureClient) Report(ctx context.Context, req *models.ReportRequest) (*models.TransactionReport, error) {
+	var resp models.TransactionReport
+	if err := pc.client.Post(ctx, "/api/v1/report", models.ContentTypeJSON, req, &resp); err != nil {
+		return nil, err
+	}
+	return &resp, nil
+}
+
+// Health reports service liveness and DB reachability.
+func (pc *ProofMeasureClient) Health(ctx context.Context) (*models.HealthResponse, error) {
+	var resp models.HealthResponse
+	if err := pc.client.Get(ctx, "/api/v1/health", &resp); err != nil {
+		return nil, err
+	}
+	return &resp, nil
+}