
feat: escrow security hardening, storage bounds, and admin safety improvements#248

Merged
Agbeleshe merged 2 commits into Hub-of-Evolution:main from jahrulezfrancis:fix/ux-user-metrics-volume-normalization
Apr 30, 2026

Conversation

@jahrulezfrancis (Contributor)

Description

This PR introduces critical improvements across escrow handling, storage management, and admin configuration in the CraftNexus protocol. The focus is on strengthening security guarantees, ensuring safe lifecycle transitions, and improving long-term scalability.


Key Changes


1. Token Whitelist Enforcement on Legacy Escrows (#238)

Problem

Whitelist enforcement depended on global state, creating ambiguity for previously created escrows when rules change.


Solution

  • Enforce whitelist validation strictly at escrow creation time
  • Prevent retroactive application of whitelist updates

Key Behavior

  • New escrows follow current whitelist rules
  • Existing escrows remain valid regardless of future changes

Outcome

  • Preserves backward compatibility
  • Ensures deterministic validation
  • Prevents unintended mutation of historical escrow state

2. Recurring Escrow Cancellation Safety (#242)

Problem

Cancelling recurring escrows during active cycles could lead to:

  • Incomplete cleanup
  • Dangling references
  • Unsettled funds

Solution

  • Refactored cancellation flow to safely handle in-flight cycles

Key Behavior

  • Active cycles complete normally
  • Only future recurrence state is disabled or removed
  • Pending executions remain intact

Outcome

  • Eliminates unsafe cancellation behavior
  • Guarantees completion of active escrow cycles
  • Prevents loss or inaccessibility of funds

3. ArtisanStakeQueue Storage Boundedness (#237)

Problem

Unbounded queue growth leads to:

  • Increased storage costs
  • Degraded performance over time

Solution

  • Introduced bounded queue management:
    • Pruning outdated entries
    • Batch processing historical data
    • Retaining only relevant records

Key Behavior

  • Queue size remains controlled
  • Old entries removed or compacted
  • Recent activity preserved

Outcome

  • Prevents unbounded storage growth
  • Improves scalability and performance
  • Keeps costs predictable

4. PlatformConfig Admin Hardening (#240)

Problem

Admin configuration could become corrupted or invalid, leading to:

  • Loss of control
  • Unauthorized operations
  • Blocked critical actions

Solution

  • Added validation layer for admin addresses
  • Introduced safe fallback handling for invalid state

Key Behavior

  • Invalid admin entries are rejected safely
  • System falls back or fails gracefully
  • Prevents execution under corrupted configuration

Outcome

  • Improved resilience against misconfiguration
  • Prevents admin lockout scenarios
  • Strengthens governance safety

Key Areas Modified

  • Escrow lifecycle logic
  • Recurring escrow cancellation flow
  • ArtisanStakeQueue storage handling
  • PlatformConfig admin resolution logic

Acceptance Criteria Summary

  • Whitelist enforcement applied only at creation time
  • Recurring cancellations safely handle active cycles
  • Stake queue storage bounded effectively
  • Admin configuration validated with safe fallback
  • No regression in escrow correctness or fund safety

Related Issues

Closes #238
Closes #242
Closes #237
Closes #240
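The two escrow behaviours in items 1 and 2 (whitelist consulted only when the escrow is created, and cancellation that disables future recurrence while leaving the in-flight cycle settleable) as an added Rust model. This is example code written for this page, not CraftNexus's contract; the `Protocol`, `Escrow` and `Cycle` types, the string `Address`, and the ledger numbers are assumptions standing in for the real on-chain types.

```rust
// Illustrative model, not CraftNexus code: the whitelist is enforced at
// creation only, and cancelling recurrence never drops an in-flight cycle.
use std::collections::{BTreeMap, BTreeSet};

/// Hypothetical address type; a real contract uses the chain's address type.
pub type Address = String;
pub type Amount = u64;

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum EscrowError {
    TokenNotWhitelisted,
    NotFound,
    RecurrenceDisabled,
    CycleInFlight,
    NoActiveCycle,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Cycle {
    pub index: u32,
    pub amount: Amount,
}

#[derive(Debug, Clone)]
pub struct Escrow {
    pub token: Address,
    pub amount_per_cycle: Amount,
    /// Ledger at which the whitelist check passed; recorded once, never re-run.
    pub validated_at_ledger: u32,
    /// Gates scheduling of *future* cycles only.
    pub recurrence_enabled: bool,
    pub cycles_started: u32,
    /// A cycle that has started but not settled; cancellation must keep it.
    pub active_cycle: Option<Cycle>,
}

#[derive(Default)]
pub struct Protocol {
    pub token_whitelist: BTreeSet<Address>,
    pub escrows: BTreeMap<u64, Escrow>,
    next_id: u64,
}

impl Protocol {
    pub fn set_whitelist(&mut self, tokens: &[&str]) {
        self.token_whitelist = tokens.iter().map(|t| t.to_string()).collect();
    }

    /// The only place the whitelist is consulted.
    pub fn create_escrow(&mut self, token: &str, amount: Amount, ledger: u32) -> Result<u64, EscrowError> {
        if !self.token_whitelist.contains(token) {
            return Err(EscrowError::TokenNotWhitelisted);
        }
        let id = self.next_id;
        self.next_id += 1;
        self.escrows.insert(id, Escrow {
            token: token.to_string(),
            amount_per_cycle: amount,
            validated_at_ledger: ledger,
            recurrence_enabled: true,
            cycles_started: 0,
            active_cycle: None,
        });
        Ok(id)
    }

    /// Schedules the next cycle. Deliberately does not re-check the whitelist:
    /// delisting a token later must not freeze funds already escrowed in it.
    pub fn start_cycle(&mut self, id: u64) -> Result<Cycle, EscrowError> {
        let e = self.escrows.get_mut(&id).ok_or(EscrowError::NotFound)?;
        if !e.recurrence_enabled {
            return Err(EscrowError::RecurrenceDisabled);
        }
        if e.active_cycle.is_some() {
            return Err(EscrowError::CycleInFlight);
        }
        let cycle = Cycle { index: e.cycles_started, amount: e.amount_per_cycle };
        e.cycles_started += 1;
        e.active_cycle = Some(cycle.clone());
        Ok(cycle)
    }

    /// Settles the in-flight cycle and returns the amount released.
    pub fn settle_cycle(&mut self, id: u64) -> Result<Amount, EscrowError> {
        let e = self.escrows.get_mut(&id).ok_or(EscrowError::NotFound)?;
        let cycle = e.active_cycle.take().ok_or(EscrowError::NoActiveCycle)?;
        Ok(cycle.amount)
    }

    /// Cancels future recurrence only. Returns whether a cycle was still in
    /// flight; that cycle stays settleable, so no funds become unreachable.
    pub fn cancel_recurring(&mut self, id: u64) -> Result<bool, EscrowError> {
        let e = self.escrows.get_mut(&id).ok_or(EscrowError::NotFound)?;
        e.recurrence_enabled = false;
        Ok(e.active_cycle.is_some())
    }
}
```

The property worth checking in a contract test is the ordering: delist the token after creation, then confirm `start_cycle` and `settle_cycle` still succeed on the old escrow while a fresh `create_escrow` for that token is rejected. Recording `validated_at_ledger` gives auditors the rule version an escrow was admitted under without re-running the check.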
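Item 3 describes a bounded queue with pruning and batch processing of old entries. The Rust model below is an added example, not the project's `ArtisanStakeQueue`; the capacity, the ledger-age retention rule, the numeric artisan id, and the fail-closed `Full` error are all assumptions chosen to show one way those properties can be enforced.

```rust
// Illustrative model, not CraftNexus code: a stake queue with a hard capacity,
// age-based pruning, and batched pruning so cleanup cost per call is bounded.
use std::collections::VecDeque;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct StakeEntry {
    pub artisan: u64, // hypothetical numeric artisan id
    pub amount: u64,
    pub enqueued_ledger: u32,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum QueueError {
    Full,
}

pub struct ArtisanStakeQueue {
    entries: VecDeque<StakeEntry>,
    /// Hard cap on stored entries; storage can never exceed this.
    max_len: usize,
    /// Entries older than this many ledgers are eligible for pruning.
    retention_ledgers: u32,
}

impl ArtisanStakeQueue {
    pub fn new(max_len: usize, retention_ledgers: u32) -> Self {
        Self { entries: VecDeque::with_capacity(max_len), max_len, retention_ledgers }
    }

    pub fn len(&self) -> usize {
        self.entries.len()
    }

    fn is_stale(&self, e: &StakeEntry, now: u32) -> bool {
        now.saturating_sub(e.enqueued_ledger) > self.retention_ledgers
    }

    /// Removes at most `batch` stale entries from the front (insertion order,
    /// so the oldest are first). Returned entries are handed back so the
    /// caller can refund or settle them; pruning must never silently lose a stake.
    pub fn prune_batch(&mut self, now: u32, batch: usize) -> Vec<StakeEntry> {
        let mut removed = Vec::new();
        while removed.len() < batch {
            let stale = match self.entries.front() {
                Some(e) => self.is_stale(e, now),
                None => false,
            };
            if !stale {
                break;
            }
            removed.push(self.entries.pop_front().expect("front checked above"));
        }
        removed
    }

    /// Prunes opportunistically, then admits the entry only if there is room.
    /// Fails closed with `Full` instead of growing past the cap or evicting a
    /// still-valid stake.
    pub fn push(&mut self, entry: StakeEntry, now: u32) -> Result<Vec<StakeEntry>, QueueError> {
        let cap = self.max_len;
        let pruned = self.prune_batch(now, cap);
        if self.entries.len() >= self.max_len {
            return Err(QueueError::Full);
        }
        self.entries.push_back(entry);
        Ok(pruned)
    }

    pub fn pop_front(&mut self) -> Option<StakeEntry> {
        self.entries.pop_front()
    }
}
```

Two details matter for a contract: the prune loop stops at the first non-stale entry, so a single call costs at most `batch` removals, and `push` returns what it pruned rather than discarding it, so the caller settles those stakes in the same transaction.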
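Item 4 describes validating admin addresses and failing safely when the stored configuration is corrupt. The Rust model below is an added example, not the project's `PlatformConfig`; the simplified address check (56 characters, `G` prefix, base32 alphabet), the separate fallback admin, and the two-step propose/accept transfer are assumptions chosen to show how validation on every read plus a confirmed handover prevents both execution under a bad admin and an accidental lockout.

```rust
// Illustrative model, not CraftNexus code: admin addresses are validated on
// every read, a fallback admin covers a corrupted primary, and transfers need
// the new admin to accept so a mistyped address cannot lock governance out.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ConfigError {
    InvalidAddress,
    NoValidAdmin,
    Unauthorized,
    NoPendingTransfer,
}

pub type Address = String;

/// Simplified check, an assumption for this example: a Stellar-style account
/// address is 56 base32 characters and starts with 'G'. A real contract
/// relies on the SDK's address type instead of string inspection.
pub fn is_valid_admin_address(a: &str) -> bool {
    a.len() == 56
        && a.starts_with('G')
        && a.chars().all(|c| c.is_ascii_uppercase() || ('2'..='7').contains(&c))
}

#[derive(Debug, Clone, Default)]
pub struct PlatformConfig {
    pub admin: Option<Address>,
    pub fallback_admin: Option<Address>,
    pub pending_admin: Option<Address>,
}

impl PlatformConfig {
    pub fn init(admin: &str, fallback_admin: &str) -> Result<Self, ConfigError> {
        if !is_valid_admin_address(admin)
            || !is_valid_admin_address(fallback_admin)
            || admin == fallback_admin
        {
            return Err(ConfigError::InvalidAddress);
        }
        Ok(Self {
            admin: Some(admin.to_string()),
            fallback_admin: Some(fallback_admin.to_string()),
            pending_admin: None,
        })
    }

    /// Resolves who may administer. Validation runs on every read, so a
    /// corrupted stored admin is detected rather than trusted; with no valid
    /// candidate the call fails closed instead of running unauthenticated.
    pub fn resolve_admin(&self) -> Result<&str, ConfigError> {
        for cand in [&self.admin, &self.fallback_admin] {
            if let Some(a) = cand {
                if is_valid_admin_address(a) {
                    return Ok(a.as_str());
                }
            }
        }
        Err(ConfigError::NoValidAdmin)
    }

    /// Step 1 of a transfer: only the current admin may propose, and only a
    /// well-formed address can be proposed. Nothing changes hands yet.
    pub fn propose_admin(&mut self, caller: &str, new_admin: &str) -> Result<(), ConfigError> {
        if self.resolve_admin()? != caller {
            return Err(ConfigError::Unauthorized);
        }
        if !is_valid_admin_address(new_admin) {
            return Err(ConfigError::InvalidAddress);
        }
        self.pending_admin = Some(new_admin.to_string());
        Ok(())
    }

    /// Step 2: the proposed admin proves control by accepting. Until then the
    /// old admin stays in charge, so a typo in step 1 is recoverable.
    pub fn accept_admin(&mut self, caller: &str) -> Result<(), ConfigError> {
        let pending = self.pending_admin.as_deref().ok_or(ConfigError::NoPendingTransfer)?;
        if pending != caller {
            return Err(ConfigError::Unauthorized);
        }
        self.admin = self.pending_admin.take();
        Ok(())
    }
}
```

The check worth keeping from this model is that `resolve_admin` is the single gate every privileged entry point goes through: it never returns a value it has not validated, and the fallback is consulted only when the primary fails validation, never as a second concurrent admin.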

@Agbeleshe Agbeleshe merged commit fa60b2e into Hub-of-Evolution:main Apr 30, 2026
1 check failed