
core: implement multi-sig admin for critical operations#36

Open
Oluwatos94 wants to merge 1 commit into StepFi-app:main from Oluwatos94:multi-sig-admin

Conversation

@Oluwatos94


Pull Request

Closes #15

Description

Implements multi-signature governance for the protocol's critical operations.
Previously all five contracts relied on a single admin key; compromise of that
key would expose the protocol to drainage. This adds an N-of-M proposal system
to the parameters-contract so that critical operations require multiple
distinct approvals, time-bound to a 7-day window.

Scope is the core parameters-contract (the "core:" deliverable in #15). Wiring
the other contracts' upgrade() functions into this committee is left to
follow-up issues.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Breaking: the direct public update_parameters, set_admin, and upgrade
functions on parameters-contract are removed. These critical operations now
go exclusively through the proposal flow (propose → approve → execute).

Changes Made

  • Multi-sig committee: configure_multisig(signers, threshold); admin-only
    bootstrap, callable exactly once. Afterwards the committee can only be changed
    via an approved UpdateSigners proposal, so a compromised admin key alone can
    no longer alter governance.
  • Proposal workflow: propose / approve / execute covering the critical
    actions UpdateParameters, SetAdmin, Upgrade, and UpdateSigners. The
    prior direct logic moved to private do_* helpers reachable only via execute.
  • 2-of-N enforcement: execute requires approvals.len() >= threshold;
    config validation requires 2 <= threshold <= signers.len() and rejects
    duplicate signers.
  • 7-day expiry: proposals carry expires_at = created_at + 604_800; both
    approve and execute reject expired proposals.
  • Duplicate-signature rejection: the proposer is recorded as the first
    approval; approve rejects any address already present.
  • Non-critical reads unchanged: get_admin / get_parameters / get_version.
  • Added 10 typed errors (codes 8–17), committee/proposal lifecycle events, and
    persistent per-proposal storage with an id counter.
  • Updated one creditline-contract integration test to drive the new proposal
    flow (it previously called the removed update_parameters directly).

Testing

  • Tests pass locally (cargo test -p parameters-contract — 20 passed;
    cargo test -p creditline-contract passing; cargo build --workspace clean)
  • New tests added; full approval workflow, threshold enforcement,
    duplicate-signature rejection, 7-day expiry, configure-once, and each critical
    action executed via proposal.

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • Comments added for complex code
  • Documentation updated
  • No new warnings generated

