Wire root_account into _build_tempo_transfer so that smart wallet access keys can sign transactions on behalf of the wallet.

Changes

src/mpp/methods/tempo/client.py:

• Use root_account address for get_tx_params (nonce comes from the wallet, not the access key)
• Use root_account for estimate_gas (same reason)
• Use pytempo.sign_tx_access_key() when root_account is set — builds a Keychain V2 signature (0x04 || root_addr || inner_sig) and sets sender_address to the wallet
• Set credential source to the root_account address

tests/test_tempo.py: 3 new tests covering access key signing, access key + fee payer, and the existing no-root-account path.

Why

root_account was declared on TempoMethod but never used. This meant passkey-based Tempo wallets (which use access keys with spending limits) could not use pympp — the transaction would be signed by the access key directly, which has no on-chain balance.

Testing

• All 394 existing tests pass (+ 3 new)
• End-to-end tested against modal.mpp.tempo.xyz: sandbox create → exec → terminate all succeed with access key + fee payer

method = tempo(
    account=TempoAccount.from_env(),        # access key
    root_account="0x975937...",              # smart wallet address
    intents={"charge": ChargeIntent()},
)
async with Client(methods=[method]) as client:
    r = await client.post("https://modal.mpp.tempo.xyz/sandbox/create", json={...})
    # 200 OK ✓