[WIP] Validate attachment_kind and account_id in metadata extraction helpers

[Copilot]

• Run existing tests to capture baseline status
• Inspect metadata extraction helpers and add missing validations/documentation
• Add or update focused tests for new validation behavior if applicable
• Run targeted tests (cargo test --profile=test-dev)
• Review changes for correctness and security

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Validate attachment_kind and account_id in metadata extraction helpers</issue_title>
<issue_description>We should probably validate attachment_kind as well here, i.e.:

https://github.com/0xMiden/miden-base/blob/fda68e1008f8b7b7633b8c3dfc6a0fe4e150dd32/crates/miden-protocol/asm/kernels/transaction/lib/output_note.masm#L375-L378

And looking at the neighboring extract_sender_from_metadata, it doesn't validate the account ID which it probably should also do. Would you mind adding a account_id::validate line there and add a Panics if section? If not, lmk and I'll open an issue or address it.

In general, I think the procedures we provide should provide as much safety as they can and if users want to work with potentially invalid metadata, they likely know what they're doing and can write their own procedures. But for 95% of users, validation should be the safer option.

Originally posted by @PhilippGackstatter in #2338 (comment)
</issue_description>

<agent_instructions>implement checks inside both extraction helpers.

make sure tests pass with cargo test --profile=test-dev</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes Validate attachment_kind and account_id in metadata extraction helpers #2349

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.