Function verify_attested_weights 

pub fn verify_attested_weights(
    path: &Path,
    expected: &AttestedWeights,
) -> Result<()>

Verify an in-flight AttestedWeights record against the file at path. Issue #654 MVP gate — call before binding the backend if the operator has pinned a known-good hash.

Two checks run, both fail-CLOSED:

  1. Hash — the recomputed SHA-256 of the on-disk file MUST equal expected.sha256.
  2. Signature — when expected.signature is Some, the Ed25519 signature over the bytes of the recomputed SHA-256 hex string MUST verify against the operator’s resolved public key (crate::governance::rules_store::resolve_operator_pubkey). A signature that is present but cannot be verified — malformed base64, wrong length, bad signature, OR no operator key resolvable — is a hard refusal. Before the fix, the signature field was stored but NEVER checked, so a record carrying a forged or stale signature passed the gate on the hash alone (silent unverified-signature gap, issue #654).

§Errors

Returns an error if the file cannot be read, the recomputed hash does not match expected.sha256, or a present signature fails to verify.
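
The two fail-closed checks described above, sketched in Go with only the standard library. This is an added example, not the crate's Rust code: the AttestedWeights fields, Verify, and the operatorKey parameter (standing in for the resolved operator key) are assumptions, and demo runs on constructed inputs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"os"
)

type AttestedWeights struct { // field names are assumptions, not the crate's
	SHA256    string  // pinned lower-case hex digest
	Signature *string // base64 Ed25519 signature; nil plays the role of None
}

// Verify fails closed. operatorKey stands in for the resolved key (nil = none).
func Verify(path string, exp AttestedWeights, operatorKey ed25519.PublicKey) error {
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	digest := fmt.Sprintf("%x", sha256.Sum256(data))
	switch {
	case digest != exp.SHA256:
		return fmt.Errorf("sha256 mismatch: file hashes to %s", digest)
	case exp.Signature == nil:
		return nil // hash-only record, nothing further to check
	case len(operatorKey) != ed25519.PublicKeySize:
		return fmt.Errorf("signature present but no operator key resolvable")
	}
	sig, err := base64.StdEncoding.DecodeString(*exp.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize ||
		!ed25519.Verify(operatorKey, []byte(digest), sig) { // message = hex digest bytes
		return fmt.Errorf("signature present but not verifiable")
	}
	return nil
}

// demo uses constructed inputs: this binary plays the weights file.
func demo() (valid, stale, noKey error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway operator key
	raw, _ := os.ReadFile(os.Args[0])
	d := fmt.Sprintf("%x", sha256.Sum256(raw))
	good := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(d)))
	old := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte("stale digest")))
	ok, bad := AttestedWeights{d, &good}, AttestedWeights{d, &old}
	return Verify(os.Args[0], ok, pub), Verify(os.Args[0], bad, pub), Verify(os.Args[0], ok, nil)
}

func main() { fmt.Println(demo()) }
```

The stale case is the one the pre-fix gate let through: the hash matches, so only the signature check can refuse it.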