feat(linea-besu): forced transactions security policy tx selector integration

[fluentcrafter]

This PR implements issue(s) #3136

Checklist

• I wrote new tests for my new core changes.
• I have successfully ran tests, style checker and build against my new changes locally.
• If this change is deployed to any environment (including Devnet), E2E test coverage exists or is included in this
  PR.
• I have informed the team of any breaking changes if there are any.

---

Note

High Risk
Changes forced-transaction inclusion semantics and block-building interaction with security plugins near deadlines; misconfiguration or the apparent fromConfig bug could widen force-include behavior unexpectedly.

Overview
Integrates chain security policy with forced transaction (FTX) block building so security-plugin rejections can be retried until a configurable window before each FTX’s deadline, when inclusion is forced and security selectors must allow the tx.

A ChainSecurityPolicy Besu service is added via LineaChainSecurityPolicy, registered early in the shared Linea plugin and initialized with ForcedTransactionPoolService::shallForceIncludeTransaction. Pending FTXs that match the evaluated tx hash and are within chainSecurityViolationHoldOffBeforeDeadline blocks of their deadline return true from shallForceIncludeTransaction, which test/security selectors use to skip blocks (see FakeChainSecurityPolicyTxValidatorPlugin).

LineaForcedTransactionPool gains the hold-off setting (CLI --plugin-linea-forced-tx-chain-security-violation-before-deadline-inclusion-allowance, default 7200 blocks), maps CHAIN_SECURITY_RULE_VIOLATED to ChainSecurityRuleViolation (replacing the old Phylax naming), and treats that outcome as retryable until the deadline window. Acceptance coverage is added in ForcedTransactionChainSecurityPolicyTest plus small harness tweaks (block build helpers, optional receipt lookup, ForcedTransactionParam long deadline overload).

Note: The diff includes a System.out.println in selection-result mapping and fromConfig appears to copy statusCacheSize into the security allowance field—worth fixing before merge.

^{Reviewed by Cursor Bugbot for commit 584fe10. Bugbot is set up for automated code reviews on this repo. Configure here.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.36%. Comparing base (56b71fa) to head (584fe10).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@              Coverage Diff              @@
##               main    #3262       +/-   ##
=============================================
- Coverage     76.83%   55.36%   -21.47%     
+ Complexity     6991     5247     -1744     
=============================================
  Files          1126     1126               
  Lines         44644    44644               
  Branches       5356     5356               
=============================================
- Hits          34303    24719     -9584     
- Misses         8953    19189    +10236     
+ Partials       1388      736      -652     

Flag	Coverage Δ		*Carryforward flag
hardhat	96.17% <ø> (ø)		Carriedforward from 56b71fa
kotlin	0.33% <ø> (-54.99%)	⬇️
lido-governance-monitor	97.61% <ø> (ø)		Carriedforward from 56b71fa
linea-native-libs	90.69% <ø> (ø)		Carriedforward from 56b71fa
linea-shared-utils	96.18% <ø> (ø)		Carriedforward from 56b71fa
native-yield-automation-service	97.68% <ø> (ø)		Carriedforward from 56b71fa
postman	99.92% <ø> (ø)		Carriedforward from 56b71fa
sdk-core	98.09% <ø> (ø)		Carriedforward from 56b71fa
sdk-ethers	89.83% <ø> (ø)		Carriedforward from 56b71fa
sdk-viem	99.45% <ø> (ø)		Carriedforward from 56b71fa
tracer	88.39% <ø> (ø)		Carriedforward from 56b71fa

*This pull request uses carry forward flags. Click here to find out more.
see 310 files with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.