fix(lang): only capture a policy's ref where its script runs

[scarmuega]

Follow-up to #332.

Bug

#332 captured a ref-backed policy's ref UTxO whenever the policy appeared in an address position, gated on is_address_expr(). That flag is set for both an input's from and an output's to. So:

policy Vault { hash: 0x.., ref: 0x..#0 }

tx send(quantity: Int) {
    input funding { from: SomeParty, min_amount: Ada(quantity) }
    output { to: Vault, amount: Ada(quantity) }   // <-- wrongly added Vault's ref as a reference input
}

Sending funds to a script address does not run the script (it runs later, when those funds are spent), so no reference input should be attached. The over-capture bloats the tx and can make it unresolvable if that UTxO is gone.

Fix

Capture is now driven solely by the explicit capture_policy_ref signal, set only at the sites where the policy's script actually executes in this tx:

• input from → enter_address_expr().capturing_policy_refs()
• mint / burn amount → already sets it

Symbol::PolicyDef no longer captures on is_address_expr(); the BuildScriptAddress lowering stays keyed on it. Output to keeps its address lowering but no longer captures.

Net rule: capture iff the policy's script runs in this transaction — input from, mint, burn.

Test

New send_to_policy example tx outputs to a ref-backed policy without spending from it; asserts references is empty. Existing ref-backed from/mint/burn checks still expect 1. cargo test -p tx3-lang: 167 passed, 0 failed — no snapshot regressions (no committed example used a ref-backed policy as an output recipient).

🤖 Generated with Claude Code