crypto/signer: fix QF1008 staticcheck — drop redundant .Curve selector

Lint-only fix; no behavior change. ecdsa.PublicKey embeds elliptic.Curve,
so Params() resolves through the embedded field directly. The original
k.Curve.Params() form was correct but flagged by staticcheck QF1008
('could remove embedded field Curve from selector').

Caught by CI #320 (golangci-lint step) after the merge of a318337 went
green on local 'go vet + go test'. Same class of incident as the
Bundle 9 ST1018 issue documented in CLAUDE.md::Operating Rules — the
'pre-commit verification gate' rule (run make verify, which includes
staticcheck) is the existing defense; the sandbox didn't have
golangci-lint pre-installed which is why this slipped past local
verification.

internal/crypto/signer/signer.go

@@ -140,8 +140,12 @@ func algorithmFromKey(pub crypto.PublicKey) (Algorithm, error) {
 		case elliptic.P384():
 			return AlgorithmECDSAP384, nil
 		default:
+			// ecdsa.PublicKey embeds elliptic.Curve, so Params() resolves
+			// through the embedded field. Spelled this way to satisfy
+			// staticcheck QF1008 (could remove embedded field "Curve" from
+			// selector); functionally identical to k.Curve.Params().
 			name := "unknown"
-			if p := k.Curve.Params(); p != nil {
+			if p := k.Params(); p != nil {
 				name = p.Name
 			}
 			return "", fmt.Errorf("%w: ECDSA curve %s (supported: P-256, P-384)",