fix: apply CEI pattern and reentrancy guard to release_payment

[wumibals]

Summary

Fixes a Checks-Effects-Interactions (CEI) violation in contracts/payment/src/lib.rs where release_payment() performed two token transfers before updating payment.status to Released. A malicious token contract that re-entered release_payment() during transfer() could exploit this to drain the escrow twice.

Root cause

token_client.transfer(→ restaurant)   // INTERACTION (external call)
token_client.transfer(→ treasury)     // INTERACTION (external call)
payment.status = Released             // EFFECT — too late
storage.set(payment)                  // EFFECT — too late

Fix

contracts/payment/src/lib.rs

1. Added Releasing(u64) variant to DataKey — a per-order reentrancy guard stored in instance storage
2. Restructured release_payment to strict CEI order:
   • CHECKS — auth, status, caller validation (unchanged)
   • CHECKS — reentrancy guard: panics with "reentrant call" if Releasing(order_id) is already set
   • Set Releasing(order_id) = true
   • EFFECTS — payment.status = Released, settled_at, storage.set() — all before any external call
   • INTERACTIONS — token transfers to restaurant and treasury
   • Clear Releasing(order_id) guard
3. All three existing tests (test_escrow_and_release, test_refund, test_double_escrow_panics) continue to pass
4. Added test_release_status_is_released_after_successful_call — verifies CEI ordering
5. Added test_double_release_panics_protecting_against_reentrancy — a second release_payment on the same order sees status=Released and panics, mirroring exactly what a reentrant call would encounter

Closes #281

[Leothosine]

Good work