fix: validate address checksums before decoding

[1507819106zxzx-crypto]

Summary

• Validate addresses with isAddressValid before addressToHash decodes them.
• Surface address invalid from addressToScript when checksum validation fails.
• Add regression coverage for P2PKH, P2SH, and Bech32 checksum-invalid inputs.

Verification

• npm test
• npm run build

Related bounty: BitgesellOfficial/bitgesell#39
Payout address if approved: 0x4451dF3D21925eF7a62D20eEdc80B99f7140C5D2

[MyTH-zyxeon]

Maintainer-facing review assist for the Bitgesell PR bounty path (BitgesellOfficial/bitgesell#39): this PR looks like a useful safety fix, but I would gate acceptance on a few concrete checks before payout/merge.

What I verified from the visible diff:

• addressToHash() now validates the address checksum before decoding and returns null for invalid P2PKH/P2SH/Bech32 strings.
• addressToScript() now converts a null hash into address invalid instead of composing scripts from invalid decoded data.
• Regression coverage was added for invalid legacy and Bech32 inputs.

Suggested acceptance checklist:

• Confirm the addressNetType() + isAddressValid(... { testnet }) combination handles mainnet/testnet prefixes exactly as intended, especially for Bech32 HRP and mixed-case inputs.
• Add or confirm one positive regression for a valid testnet address so the new preflight does not accidentally reject supported testnet paths.
• Run the stated npm test / npm run build gates from a clean checkout, since this is a wallet/address correctness path and should not rely only on local author output.
• If accepted under #39, keep the payout scope tied to checksum-validation safety rather than broader wallet or live-chain behavior.

I did not run dependencies, touch code, use wallet keys, make live RPC calls, or perform any payment/claim action from this review pass.