[contracts] Add re-entrancy guard to claim_winnings() and claim_refund()

[Ehonrie]

Ensure both claim functions mark the bet as claimed BEFORE transferring any XLM (checks-effects-interactions pattern).

Correct order (must be enforced):

1. Read and validate state
2. Set CLAIMED_{bet_id} = true
3. Transfer XLM — never before step 2

Acceptance Criteria:

• CLAIMED_{bet_id} set to true on the line immediately before the first transfer()
• A second call with the same bet_id panics before any transfer occurs
• Unit test calls claim twice and confirms second call panics

[dinmacmd]

@dinmacmd has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would like to work on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @dinmacmd to this issue.

[drips-wave]

Congratulations, @dinmacmd! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @dinmacmd: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊