BOLT12 offers are designed for compactness to fit in QR codes, and can
be "much longer-lived than a particular invoice". These goals are in
tension when constructing blinded paths: BOLT04 allows using either
`short_channel_id` or `next_node_id` in the encrypted_data_tlv for
routing, but each has trade-offs.

Using SCIDs produces smaller encoded offers suitable for QR codes, but
if the referenced channel closes or is modified (e.g., via splicing),
the blinded path breaks and the offer becomes unusable. Using full node
IDs produces larger offers but paths remain valid as long as the node
connection persists, regardless of specific channel lifecycle.

For long-lived offers where stability matters more than size, users may
prefer full node ID paths. This adds a `compact_paths` field to
`DefaultMessageRouter` and a `with_compact_paths` constructor to allow
downstream applications to choose their preferred trade-off. The
default behavior (compact paths enabled) is preserved.

Store the DNSSEC proof received during BIP 353 Human Readable Name
resolution and carry it through the payment lifecycle alongside the
Bolt12Invoice. The proof is stored in PendingOutboundPayment::Retryable
and HTLCSource::OutboundRoute (for restart persistence), and emitted
in the PaymentSent event.

This allows users who pay via HRN to have a complete chain of proof:
DNS name -> DNSSEC proof -> Offer -> Invoice -> Payment preimage.

Addresses the DNSSECProof part of lightningdevkit#3344.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>