test: add path payment service coverage

[bolu26]

this pr closes #703
this pr closes #704
this pr closes #705
this pr closes #706

Builds a transaction with the correct pathPaymentStrictSend operation
The sendAmount parameter is encoded correctly (string, not float)
The destMin is calculated correctly from the configured slippage tolerance
A valid path returned by Horizon is embedded in the operation
Submits and returns the destination amount received on success

Create backend/src/services/keypairRotation.test.js covering the full lifecycle:
Key generation
Generated keypairs are valid Stellar Ed25519 keypairs (public key starts with G, secret starts with S)
Each call produces a distinct keypair (no deterministic repetition with default entropy)
The secret key is not written to any log during generation
Key derivation from a seed phrase (if supported) produces the correct keypair for known test vectors
Storage
The secret key is encrypted before being passed to the storage layer
The public key is stored in plaintext alongside the encrypted secret
Duplicate storage for the same account is rejected with a clear error
Storage failures are propagated with context (not swallowed)

Scope of Work
Create backend/src/services/trustlineManager.test.js covering all three operations:
Add trustline
Correctly constructs a changeTrust operation with the right asset code and issuer
Sets the limit to the maximum by default and respects a custom limit when provided
Throws when the account already has the maximum number of trustlines
Throws with a clear error when the issuer account does not exist on the network
Signs and submits the transaction and returns the updated account state
Remove trustline
Correctly constructs a changeTrust operation with limit set to 0
Refuses to proceed (throws before submitting) if the account still holds a non-zero balance of the asset
Handles the case where the trustline does not exist and throws a typed TrustlineNotFoundError
Returns a success indicator after the transaction is confirmed
List trustlines
Fetches the account from Horizon and filters the balances array to non-native assets only
Returns a structured list with asset code, issuer, balance, and limit fields
Returns an empty array (not an error) when the account has no non-native trustlines
Throws a typed error when the account does not exist on the network

Create backend/src/routes/transactions.test.js (or in the project's existing test directory). Use supertest to make HTTP requests against the Express app. Mock the underlying service layer to keep tests fast and deterministic. Cover:
Happy path
GET /transactions?account=G... returns a paginated list of transactions with correct shape
POST /transactions with a valid body submits the payment and returns 201 with transaction hash
GET /transactions/:id returns full detail for a known transaction ID
Validation errors
POST /transactions with missing destination field returns 400 with a field-specific error
POST /transactions with an invalid Stellar address in destination returns 400
POST /transactions with a non-numeric amount returns 400
GET /transactions with an invalid cursor value returns 400
Authentication
All routes return 401 when the Authorization header is missing
All routes return 401 when the JWT is expired
Routes return 403 when the authenticated user tries to submit from an account they do not own
Stellar network failures
When the underlying service throws a HorizonTimeoutError, the route returns 504
When the service throws a Stellar result code error, the route returns 422 with the codes in the response body
When the service is unavailable, the route returns 503

[drips-wave]

@bolu26 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits