Fix stale outbox test expectations

The current staged changes are both follow-ups to earlier outbox review
fixes. One middleware regression now expects the 401 returned by
auth-before-actor handling, and the mock proof-shape regression uses a
normal Create instance with an overridden raw JSON-LD view instead of
trying to deserialize an intentionally shape-only proof payload.

#688

Assisted-by: OpenCode:gpt-5.4

Author: dahlia

packages/fedify/src/federation/middleware.test.ts

@@ -2171,7 +2171,7 @@ test("Federation.setOutboxListeners()", async (t) => {
       }),
       { contextData: undefined },
     );
-    assertEquals(response.status, 404);
+    assertEquals(response.status, 401);
   });
 
   await t.step("POST without listeners returns 405", async () => {

packages/testing/src/mock.test.ts

@@ -383,9 +383,12 @@ test(
         "https://w3id.org/security#proofValue": [{ "@value": "signature" }],
       },
     };
-    const activity = await Activity.fromJsonLd(proofJson, {
-      documentLoader: mockDocumentLoader,
-      contextLoader: mockDocumentLoader,
+    const activity = new Create({
+      id: new URL("https://example.com/activities/1"),
+      actor: new URL("https://example.com/users/alice"),
+    });
+    Object.assign(activity, {
+      toJsonLd: () => Promise.resolve(proofJson),
     });
 
     await mockFederation.postOutboxActivity("alice", activity);