feat: add capabilities to keyring endowment

[hmalik88]

Adding capabilities to the keyring endowment as part of keyring v2 work (https://github.com/MetaMask/decisions/blob/main/decisions/core/0006-keyring-interface.md)

---

Note

Medium Risk
Extends the endowment:keyring permission model and manifest validation with a new optional caveat; mistakes could cause snaps’ permissions/manifests to be rejected or misinterpreted across clients.

Overview
Adds a new keyringCapabilities caveat to endowment:keyring, allowing snaps to declare supported keyring capabilities (e.g., scopes and optional BIP-44/private key/custom flags) in initialPermissions/manifests.

Updates the keyring endowment permission spec to accept/validate this optional caveat, adds getKeyringCaveatCapabilities, and adjusts the caveat mapper to emit origin + capabilities caveats (or null when empty). Propagates the new caveat through SDK permission types, snaps-utils caveat enum + runtime struct/assertion + manifest validation, and updates tests/snapshots/coverage thresholds accordingly.

^{Reviewed by Cursor Bugbot for commit e629c04. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.56%. Comparing base (26ff2aa) to head (e629c04).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3903   +/-   ##
=======================================
  Coverage   98.56%   98.56%           
=======================================
  Files         426      427    +1     
  Lines       12316    12343   +27     
  Branches     1935     1939    +4     
=======================================
+ Hits        12139    12166   +27     
  Misses        177      177           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[FrederikBolding]

Did we decide on behaviour if this is not defined? Since we are making it optional

[hmalik88]

Yes, omission of the capabilities is an implicit indication of using keyring v1

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}