[Contracts] Bond: add admin two-step ownership transfer with timelock

[Baskarayelu]

Description

CredenceBond::initialize sets DataKey::Admin once, but there is no way to rotate the admin afterward, and no protection against a fat-fingered transfer to a wrong/zero address. The admin holds slashing and fee-collection authority over real USDC, so admin rotation must exist and must be a deliberate two-step (propose/accept) flow, ideally with a timelock delay. The repo already has a timelock crate that can be leveraged.

Requirements and context

• Secure: add propose_admin/accept_admin with pending-admin storage; new admin must require_auth to accept; reject zero/identity-equal addresses.
• Optionally integrate the timelock contract for a delay between propose and accept.
• Tested: only current admin proposes; only pending admin accepts; old admin loses authority after acceptance.
• Documented: update docs/admin-roles.md and docs/governance.md.

Suggested execution

• git checkout -b feature/bond-admin-two-step-transfer
• Add PendingAdmin to DataKey and the two-step functions in ours.rs.
• Write transfer-flow tests including timelock delay.
• Update docs docs/admin-roles.md.
• Add /// doc comments for the transfer flow.
• Validate no single call can hijack admin.

Test and commit

• Run cargo test.
• Cover edge cases: propose to zero, accept by wrong account, double-accept.
• Include test output and security notes.

Example commit message

feat: add two-step timelocked admin transfer to bond contract

Guidelines

• Minimum 95% test coverage
• Clear documentation
• Timeframe: 96 hours

[Gutopro]

@Gutopro has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Can I work on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Gutopro to this issue.

[drips-wave]

Congratulations, @Gutopro! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @Gutopro: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊