feat(ci): enforce lowerCamelCase and max depth in reference.conf

[bladehan1]

What does this PR do?

Adds a CI gate that validates common/src/main/resources/reference.conf on every PR / push:

• Every dot-separated segment of every key must match ^[a-z][a-zA-Z0-9]*$ (lowerCamelCase).
• Total path depth must be ≤ 6 (current max in tree is 5; +1 buffer).
• Four legacy PBFT keys are grandfathered via an explicit ALLOWLIST.
• Array steps count toward depth (each [] = +1 level); nested arrays (HOCON list-of-list) are supported.

Implementation: .github/scripts/check_reference_conf.py using pyhocon (reference Python HOCON parser), wired into the existing checkstyle job in .github/workflows/pr-check.yml. Violations produce per-line stdout output plus one consolidated ::error file=...,title=reference.conf::... GHA annotation so failures show up in the PR check summary.

Why are these changes required?

reference.conf is the single source of default values for every config key in java-tron, and key names must auto-bind to XxxConfig.java bean fields via Typesafe Config's ConfigBeanFactory — which requires lowerCamelCase. Today the file has drifted: 4 PBFT keys violate the rule and the file header documents legacy exceptions handled via manual normalization. Without a gate, new contributors keep adding non-conforming keys, and silent binding failures accumulate.

A depth ceiling also prevents deeply nested hierarchies from creeping in; the current max is 5, so 6 leaves a one-level buffer for new keys without silently allowing further drift.

This PR has been tested by:

• Manual Testing: ran the script against the real reference.conf — passes with 294 keys, all lowerCamelCase, max depth 5.
• Built a local fixture suite (not committed) covering: empty / simple / dotted-form / at-max-depth / object array / scalar array / allowlist / format violations (Pascal / snake / digit / array-internal / non-allowlisted acronym) / depth violations (dotted + in-array) / combined + dedup invariant / env errors (parse failure, missing file). 20 assertions PASS.
• Verified: parse failure (invalid HOCON) and missing file both exit 2 with ::error annotation; a single user-declared deep key produces exactly one depth violation line (leaf-only filtering).

Follow up

• Sunset the 4 PBFT entries in ALLOWLIST via a rename + deprecation cycle (out of scope here — would break existing user config.conf files).
• Bean-field ↔ key parity gate (each new reference.conf key must have a matching XxxConfig.java field) is an orthogonal concern.

Extra details

• Allowlist exempts 4 legacy keys to keep user config.conf compatible: node.http.PBFTEnable, node.http.PBFTPort, node.rpc.PBFTEnable, node.rpc.PBFTPort.
• Library choice: pyhocon over Typesafe Config because the gate runs before Gradle/JDK setup in CI (~3 steps: setup-python + pip install + invoke). Both implement the HOCON spec; outputs are equivalent.