feat(types): Account v3 projection helpers — bank-details write-only guard (#356)

[bokelley]

Closes #356.

Summary

New module `adcp.types.projections` with response-shape projection types that close the bank-details-on-read leak path on `Account` responses.

Per AdCP 3.0.x `core/business-entity.json`, `BusinessEntity.bank` carries `writeOnly: true` — IBAN, BIC, routing/account numbers flow into the seller during account setup but MUST NOT be echoed in responses. Pydantic round-trips everything by default, so an adopter who reuses an internal `Account` model on the response path leaks bank details unknowingly.

Design choice — Option 2 (projection types)

Per security-reviewer on the issue, Option 1 (model_validator strip) has multiple silent bypass paths: `model_copy()`, direct `BusinessEntity` serialization, idempotency cache replay. Option 2 (projection types) is structurally correct — the field is type-narrowed to `None`, so an adopter holding the projection type literally cannot construct one with bank set.

Public surface

```python
from adcp.types import (
AccountResponse,
BusinessEntityResponse,
to_account_response,
)

Convert an internal Account (with bank populated) to a safe response:

response = to_account_response(internal_account)

response.billing_entity.bank is None; serialization omits the field.

Or construct directly:

resp = AccountResponse(
account_id="acct-1", name="Acme", status="active",
billing_entity={"legal_name": "Acme Corp"}, # bank=... raises ValidationError
)
```

Behavior pinned by tests

• `BusinessEntityResponse(bank=...)` → `ValidationError`
• Other fields (`legal_name`, `vat_id`, `address`, `contacts`) round-trip unchanged
• `model_dump()` excludes `bank` even if smuggled past the type system (defense in depth)
• `AccountResponse.billing_entity` annotation references `BusinessEntityResponse` (the whole guard collapses if this binding regresses)
• `AccountResponse.model_validate({...with nested bank...})` raises
• `to_account_response(internal_account)` strips bank, preserves everything else
• `reporting_bucket` is NOT write-only (per ad-tech-protocol-expert clarification — seller-provisioned, buyer-readable for offline-delivery coordinates) and MUST NOT be stripped — pinned by a regression test.

Out of scope (track separately)

• `GovernanceAgent.authentication` is also `writeOnly` but lives in a generated nested type with a different adopter contract.
• `sync_accounts_response.Account` is built via the `SyncAccountsResponse1`/`SyncAccountsResponse2` discriminator branches and doesn't share the `billing_entity` wire shape with `core.Account`. Different leak surface, different fix.
• The triage flagged a docstring example `request_snapshot = req.model_dump()` that prescribes writing IBAN into adopter stores; orthogonal to projections, deferred.

Local gates

• `uv run ruff check src/` — clean
• `uv run mypy src/adcp/` — Success: no issues found in 744 source files
• `uv run pytest tests/` — all green; `test_public_api_surface_matches_snapshot` updated for the 3 new exports.

Test plan

• `uv run pytest tests/test_account_projections.py -v` — 7 passed
• `uv run pytest tests/test_public_api.py -q` — snapshot regenerated and matches
• Full suite green

🤖 Generated with Claude Code