fix: address Phase 3 code review feedback
- I2 (Important): Remove unused _did parameter from sign_and_verify_claim command
The parameter was never used; the function retrieves the DID from claim_state instead.
- M1 (Minor): Distinguish 404 vs 5xx in fetch_audit_log
Changed from mapping all non-success responses to DidNotFound to properly returning
DidNotFound (404) and NetworkError with status (other non-success codes).
The 7 required tests for sign_and_verify_claim_impl (AC4.3-AC4.7, AC4.10) are
already implemented and compile correctly (they fail at runtime in sandbox due to
httpmock port binding, which is expected and documented).