Add timelocked legal-hold clearing to prevent instant compliance override

[mikewheeleer]

Description

set_legal_hold(active=false) clears a compliance hold instantly with a single admin auth. The module rustdoc notes the contract has no embedded timelock and relies entirely on off-chain governance. Add an optional configurable clear-delay so a hold cannot be lifted until a minimum ledger time after a request_clear_legal_hold call, giving compliance an on-chain cooling-off window.

Requirements and context

• Scoped to the LiquiFact escrow Soroban contract.
• Add DataKey::LegalHoldClearableAt; request_clear_legal_hold sets it to now + delay, and set_legal_hold(false) asserts now >= LegalHoldClearableAt.
• Delay configured at init (optional, default 0 to preserve current behavior); use Env::ledger().timestamp() per docs/escrow-ledger-time.md.
• Invariant: enabling a hold is always immediate; clearing respects the delay; admin auth required for both.
• Reference ADR-004 legal-hold.
• Must be secure, tested, and documented.

Suggested execution

• Fork the repo and create a branch:
  • git checkout -b feature/legal-hold-timelock
• Implement changes:
  • escrow/src/lib.rs
  • Tests: escrow/src/tests/legal_hold.rs
  • Docs: docs/escrow-legal-hold.md
  • Include rustdoc/NatSpec-style doc comments on public functions
  • Validate security assumptions (auth, overflow, storage TTL, double-spend)

Test and commit

• Run tests: cargo test
• Cover edge cases (zero amounts, overflow, unauthorized callers, double-spend, state-machine misuse)
• Include test output and security notes in the PR

Example commit message

feat(escrow): timelocked legal-hold clearing window

Guidelines

• Minimum 95% test coverage on new/changed code
• Clear documentation
• Timeframe: 96 hours from assignment

[drips-wave]

@mikewheeleer Hillzo could not be assigned to this issue because they have reached the maximum of 4 accepted assignments per organization in the current wave of the Stellar Wave Program.

The assignee has been removed. Please choose a different contributor.

[abdullahilateefat03-boop]

@abdullahilateefat03-boop has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hello maintainers,
I’m interested in taking up this issue. I have experience in Full-stackweb development. After reviewing the issue requirements, I believe I can implement a proper solution and follow the project guidelines.
Kindly assign the issue to me.
Thanks.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @abdullahilateefat03-boop to this issue.

[DeborahOlaboye]

@DeborahOlaboye has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi, I'd like to work on this issue.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @DeborahOlaboye to this issue.

[dotmantissa]

@dotmantissa has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Please, assign this issue to me.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @dotmantissa to this issue.

[Blaqkenny]

@Blaqkenny has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hello Boss, please I would love to work on this issue for you and give you a better result

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Blaqkenny to this issue.

[whisper011]

@whisper011 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Gm! I'd like to work on this.

I've gone through the issue and understand what needs to be done. I'll keep the fix scoped, clean, and tested — and communicate clearly if anything comes up along the way.

Ready to start immediately. Feel free to assign it!

ℹ️ Repo Maintainers: To accept this application, review their application or assign @whisper011 to this issue.