Saw another comment that I think is clearing this up for me - so the cashu token is actually encrypted in some way that only the receiving pubkey can claim? Or does the nostr event with the cashu payload actually have to be encrypted?