Add read-only-auth example for pre-generating authentication tokens

[devin-ai-integration]

Add read-only-auth example for pre-generating authentication tokens

Summary

Adds a new example in examples/read-only-auth/ that enables users to pre-generate authentication tokens for read-only operations. This addresses the use case where users want to avoid exposing API private keys at runtime.

What's included:

• setup.py - Configures API key 253 for all accounts associated with an L1 address
• generate.py - Pre-generates auth tokens at 6-hour intervals with 8-hour expiry
• README.md - Comprehensive documentation with usage examples and security considerations

Key features:

• Processes ALL accounts for an L1 address (not just the first one)
• Tokens aligned to 6-hour boundaries: unix_timestamp // (6 * 3600) * (6 * 3600)
• 8-hour token expiry provides 2-hour overlap between consecutive tokens
• Configurable duration (default: 7 days = 28 tokens per account)
• JSON output format: {account_index: {timestamp: token_string}}
• Uses helper function to extend SignerClient without modifying the core library

Review & Testing Checklist for Human

This PR contains untested code that requires end-to-end verification. Please complete the following:

• Test the full workflow with real testnet credentials: Run python3 setup.py > config.json then python3 generate.py to verify both scripts work correctly
• Verify token generation and alignment: Check that tokens in auth-tokens.json have timestamps aligned to 6-hour boundaries (divisible by 21600) and confirm the token lookup logic in README works
• Test token validity: Verify that generated tokens are actually valid for 8 hours by attempting to use a token immediately after generation and near its expiry time
• Test with multiple accounts: If you have multiple sub-accounts, verify that setup.py correctly configures API key 253 for all of them concurrently
• Verify invalidation workflow: Re-run setup.py and confirm that old tokens no longer work (validates the invalidation mechanism)

Notes

• The scripts follow the pattern from examples/system_setup.py but haven't been tested with real Lighter credentials
• The time alignment math (current_time // (6 * 3600)) * (6 * 3600) is critical - please verify tokens are generated for correct future time periods
• Concurrent API key changes for multiple accounts use asyncio.gather() with error handling, but edge cases might exist
• The helper function create_auth_token_for_timestamp() is a local wrapper that doesn't modify the SignerClient class as required

Link to Devin run: https://app.devin.ai/sessions/31ad4881808f461cb48c651583f49ace
Requested by: @alexvelea

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

Closing due to inactivity for more than 7 days. Configure here.

[alexvelea]

No, no devin bad