feat(security): Add explicit OAuth-style CallScope for cross-contract token calls (Closes #1578)

[tebney]

Summary

Adds a typed CallScope and validates it in transfer_funds_scoped to ensure every cross-contract token transfer is accompanied by an OAuth-style scope token that matches the intended from→to direction.

Threat mitigated

Prevents confused-deputy style cross-contract token transfers where a caller could trick the contract into making a transfer on an unintended path. Mismatch returns UnauthorizedScope before any token interaction.

What this PR contains

• CallScope enum and scope validation in quicklendx-contracts/src/payments.rs.
• Negative tests exercising the check in quicklendx-contracts/src/test_scope_tokens.rs.

Testing notes

I could not run the Rust build and tests in this environment because the container is missing the Rust toolchain (cargo not found). Please run the following locally or in CI to verify:

cd quicklendx-contracts
cargo build --target wasm32-unknown-unknown --release
cargo test -p quicklendx-contracts
cargo clippy --workspace --all-targets -- -D warnings

Closes: #1578

[Baskarayelu]

Add explicit OAuth-style CallScope for cross-contract token calls (Closes #1578) — nice work, merging 👍