Let's say I run my own ecash mint. I issue myself a bunch of tokens, then I go and spend them. My mint allows the recipient to redeem them, but later on when someone (other than me) wants to melt the tokens, the mint just pretends to be offline or something. I'm then able to rug spent tokens because I own the infrastructure. It seems like the only way to defend against this attack would be for recipients to immediately melt all tokens issued by untrusted mints. Is this the standard pattern for receivers? Is mint trust model front and center in cashu implementations?