fix(rng): remove pendingReveals fallback from entropy output path

shouldZeroEntropy() and sfEntropyCount no longer fall back to
pendingReveals_.  If entropySetMap_ is null, entropy failed — the
pipeline didn't complete, and the map is the only canonical source.

pendingReveals_ is now strictly an internal staging area for the
commit/reveal pipeline.  All final entropy decisions flow through
entropySetMap_, which is the consensus-agreed set.

src/xrpld/app/consensus/ConsensusExtensions.cpp

@@ -168,19 +168,11 @@ ConsensusExtensions::hasAnyReveals() const
 bool
 ConsensusExtensions::shouldZeroEntropy() const
 {
-    if (entropyFailed_)
+    if (entropyFailed_ || !entropySetMap_)
         return true;
 
-    // Use entropySetMap_ as the canonical source when available,
-    // falling back to pendingReveals_ during pipeline stages
-    // before the map is built (e.g. ConvergingReveal timeout checks).
-    if (entropySetMap_)
-    {
-        auto const leafCount = entropySetMap_->leafCount();
-        return leafCount == 0 || leafCount < quorumThreshold();
-    }
-    return pendingReveals_.empty() ||
-        pendingReveals_.size() < quorumThreshold();
+    auto const leafCount = entropySetMap_->leafCount();
+    return leafCount == 0 || leafCount < quorumThreshold();
 }
 
 bool
@@ -1191,10 +1183,7 @@ ConsensusExtensions::onPreBuild(CanonicalTXSet& retriableTxs, LedgerIndex seq)
         auto const entropyCount = static_cast<std::uint16_t>(
             app_.config().standalone()
                 ? 20  // synthetic: high enough for Hook APIs (need >= 5)
-                : (shouldZeroEntropy()
-                       ? 0
-                       : (entropySetMap_ ? entropySetMap_->leafCount()
-                                         : pendingReveals_.size())));
+                : (shouldZeroEntropy() ? 0 : entropySetMap_->leafCount()));
         STTx tx(ttCONSENSUS_ENTROPY, [&](auto& obj) {
             obj.setFieldU32(sfLedgerSequence, seq);
             obj.setAccountID(sfAccount, AccountID{});