Reentrancy protection

[nafiuishaaq]

Description:
Guard against reentrancy attacks, especially during token transfers in approve_session, refund_session, and resolve_dispute.

Acceptance Criteria:

Implement non_reentrant modifier using storage flag.

Flag set before token transfer, cleared after.

Reentrant call reverts with ReentrancyDetected error (code 700).

All payout functions use the modifier.

Unit test: Attempt reentrancy via malicious token contract → revert.

Labels: security, reentrancy, robustness