TSAN fixes: Refactor mutex handling

[eddyashton]

This is largely written by the robot, so I'll let the robot describe the changes:

This pull request introduces several improvements to node startup, certificate handling, and lock management in the consensus and node state code. The most significant changes include the addition of a structured startup state for consensus initialization, improved lock usage to prevent deadlocks, and asynchronous frontend opening to avoid lock contention. These changes enhance the robustness and clarity of node initialization and certificate management.

Consensus Startup Improvements:

• Added StartupRole and StartupState structs to aft::Raft for explicit initialization as primary or backup, including state info such as index, term, and view history. The consensus constructor now uses this to set up initial state and role, supporting more flexible and safer node startup scenarios.
• Modified setup_consensus in NodeState to accept and propagate StartupState, enabling correct initialization for both primary and backup roles, and ensuring backup initialization runs before other threads access consensus.

Certificate Locking and Management:

• Introduced a dedicated endorsed_cert_lock for certificate fields in NodeState, replacing the main lock in certificate-related operations to avoid lock-order-inversion and potential deadlocks. Certificate accesses and updates now use this lock, and new helper methods for safe/unsafe certificate access were added.

Frontend Initialization and Lock Avoidance:

• Replaced synchronous frontend opening with open_frontend_async, scheduling frontend opening tasks to avoid holding KV or consensus locks during potentially blocking operations. This change applies to node, member, and user frontends.

Ledger Secrets Locking Consistency:

• Moved mutex locking in ledger_secrets.h functions to after dependency checks, ensuring consistent lock ordering and reducing risk of deadlocks.

Cleanup and Deadlock Suppression:

• Removed deadlock and race suppressions for files no longer requiring them in tsan_env_suppressions, reflecting improvements in lock handling and concurrency.

[Copilot]

Pull request overview

Refactors node startup and consensus initialisation to reduce TSAN-reported deadlocks/races by making startup state explicit, adjusting lock usage around certificate/ledger-secret access, and deferring some potentially blocking work to async tasks.

Changes:

• Introduces aft::Aft::StartupState/StartupRole to initialise consensus as Primary/Backup (and optionally seed term/index/view history) inside the consensus constructor.
• Splits certificate locking in NodeState via a dedicated endorsed_cert_lock, and switches several frontend openings to open_frontend_async to avoid lock-order inversions.
• Moves LedgerSecrets mutex acquisition after KV dependency checks, and removes some TSAN suppressions.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
tsan_env_suppressions	Removes deadlock/race suppressions which are presumed obsolete after lock refactors.
src/node/node_state.h	Adds dedicated cert lock, refactors consensus setup to accept startup state, and introduces async frontend opening to reduce lock contention.
src/node/ledger_secrets.h	Adjusts lock ordering by taking KV dependency before acquiring the ledger-secrets mutex.
src/consensus/aft/raft.h	Adds consensus constructor startup initialisation logic for primary/backup roles.