examples: add persistent replay store for payment guard

[safal207]

Closes #149

Summary

Adds a persistent local JSON replay store for signed intent nonces in Agent Payment Guard.

This moves replay detection from audit-log scanning only toward explicit local replay-state management while keeping the implementation simulation-only and dependency-free.

What changed

• Adds replay-store helpers in payment_guard.py:
  • load_replay_store(...)
  • save_replay_store(...)
  • record_nonce(...)
  • persist_accepted_nonce_if_needed(...)
• Updates nonce_replayed(...) to check the replay store first and fall back to audit-log scanning when no store exists.
• Keeps decide(...) backward-compatible via optional replay_store_path.
• Wires replay_store_path through payment_guard_service.py.
• Adds local diagnostic endpoint:

GET /v1/replay-store

• Adds replay_store_path to payment_guard_service_config.json.
• Updates service tests to cover:
  • accepted signed intent writes replay store
  • replayed nonce returns BLOCK / INTENT_REPLAYED
  • replay-store does not grow on replay attempt
  • replay store survives service restart
  • hash-chain verification still passes
• Updates CLI demo test to reset and assert replay-store state.
• Documents replay protection and the diagnostic endpoint.

Validation target

bash examples/agent-payment-guard/run_demo_check.sh
bash examples/agent-payment-guard/run_service_check.sh
python3 scripts/verify_audit_log.py .proofpath/audit.jsonl

Non-goals

No SQLite, real wallets, real token transfers, custody, private keys, payment SDKs, RPC calls, smart contracts, KYC/AML, production compliance claims, JWS, or EIP-712 are added.