
test(fuzz): implement comprehensive governance multi-step state machine target#28

Merged
ogazboiz merged 2 commits into LabsCrypt:main from Francis6-git:test/add-governance-fuzz-target-issue-22, Jun 19, 2026

Conversation

@Francis6-git

Contributor

Description:
This PR implements property-based fuzzing for the multisig_governance contract state machine. It adds multisig_governance as a core dependency to the fuzzing environment, registers the governance_fuzz binary target in fuzz/Cargo.toml, and establishes strict invariant assertions across multi-step proposal lifecycles.

Closes #22

@ogazboiz ogazboiz left a comment

Contributor


nice work on this one. the governance fuzz target is genuinely well thought out: the action enum covers the whole lifecycle (propose/approve/finalize/cancel/emergency-cancel/expire/advance-time), signers are drawn from a fixed pool so duplicates and out-of-set callers are both exercised, and the invariants are meaningful rather than decorative. i especially like the pre-finalize snapshot pattern, asserting threshold-met plus timelock-elapsed plus before-ttl against the captured proposal, and the shadow expected_admin that enforces "admin only changes via finalize" as a global check after every action. the duplicate-signer injection and the duplicate-approve idempotency check map cleanly onto the contract's 4020 guard. acceptance criteria from #22 are all covered, the cargo.toml bin registration is correct, and the only contract change is making four constants pub, which is behavior-preserving. all 229 workspace tests still pass and the governance_fuzz binary compiles cleanly on its own.

two small things to fix before this can merge:

  1. the new file fails `cargo fmt --check` (import grouping, the `rcall!` calls, and a few `assert_eq!` arg layouts). please run `cargo fmt` from inside the `fuzz/` directory and commit.

  2. `cargo clippy --bin governance_fuzz -- -D warnings` flags a `needless_range_loop` at the signer-building loop. swapping `for i in 0..n` for `for s in signer_pool.iter().take(n)` clears it.

one heads up that is not on you: the fuzz crate as a whole currently does not build because the three older targets (`lending_pool_fuzz`, `loan_manager_fuzz`, `remittance_nft_fuzz`) have stale call signatures. your `governance_fuzz` builds fine in isolation (`--bin governance_fuzz`), so this is a pre-existing problem the maintainers will sort separately, but it means a plain `cargo build --manifest-path fuzz/Cargo.toml` will fail until then.

once fmt and clippy are green this is good to go.

if you want to keep contributing, join us on Telegram: https://t.me/+DOylgFv1jyJlNzM0
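
The harness shape described in the review above (typed actions decoded from input bytes, callers drawn from a fixed pool, a pre-finalize snapshot, and a shadow `expected_admin` checked after every step), as an added example that is not the PR's code or the project's contract. `Gov`, its constants, `apply` and `fuzz_one` are hypothetical stand-ins covering a reduced action set (no cancel, emergency-cancel or expire), and the input in `main` is constructed.

```rust
// Toy governance model, constructed for this example; not the multisig_governance contract.
const THRESHOLD: usize = 2;
const TIMELOCK: u64 = 10;
const TTL: u64 = 100;
#[derive(Clone)]
struct Proposal { new_admin: u8, approvals: Vec<u8>, created: u64 }
struct Gov { admin: u8, signers: Vec<u8>, now: u64, prop: Option<Proposal> }
enum Action { Propose(u8, u8), Approve(u8), Finalize, Advance(u64) }
fn apply(g: &mut Gov, a: &Action) { // a rejected action leaves the state unchanged
    match *a {
        Action::Propose(who, new_admin) if g.signers.contains(&who) =>
            g.prop = Some(Proposal { new_admin, approvals: vec![], created: g.now }),
        Action::Approve(who) if g.signers.contains(&who) => match g.prop.as_mut() {
            Some(p) if !p.approvals.contains(&who) => p.approvals.push(who),
            _ => {} // no open proposal, or duplicate approval
        },
        Action::Finalize => match g.prop.take() {
            Some(p) if p.approvals.len() >= THRESHOLD
                && (TIMELOCK..=TTL).contains(&(g.now - p.created)) => g.admin = p.new_admin,
            other => g.prop = other, // conditions not met: put the proposal back
        },
        Action::Advance(dt) => g.now += dt,
        _ => {} // caller is not in the signer set
    }
}

fn fuzz_one(data: &[u8]) -> u8 { // two input bytes per action; returns the final admin
    let mut g = Gov { admin: 1, signers: vec![1, 2, 3], now: 0, prop: None };
    let mut expected_admin = g.admin; // shadow model of who the admin should be
    for c in data.chunks_exact(2) {
        let who = [1, 2, 3, 9][c[1] as usize % 4]; // fixed pool; 9 is outside the signer set
        let a = match c[0] % 4 {
            0 => Action::Propose(who, c[1] >> 4),
            1 => Action::Approve(who),
            2 => Action::Finalize,
            _ => Action::Advance(c[1] as u64),
        };
        let snap = g.prop.clone(); // pre-action snapshot
        apply(&mut g, &a);
        if let (Action::Finalize, Some(p), None) = (&a, &snap, &g.prop) { // proposal consumed
            assert!(p.approvals.len() >= THRESHOLD && (TIMELOCK..=TTL).contains(&(g.now - p.created)));
            expected_admin = p.new_admin;
        }
        assert_eq!(g.admin, expected_admin, "admin changed outside finalize");
    }
    g.admin
}
fn main() {
    println!("final admin: {}", fuzz_one(&[0, 0x71, 1, 0, 1, 2, 3, 10, 2, 0]));
}
```

The finalize check reads the snapshot taken before the call, so a model that finalized early, late or below threshold would trip the assertion even though the proposal is gone afterwards.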

@Francis6-git

Contributor Author

Hope you don't mind if I work on this tomorrow due to some environmental conditions.

@Francis6-git

Contributor Author

Done,
Please review.

@ogazboiz ogazboiz left a comment

Contributor


both fixes landed: `cargo fmt` is clean (ci's fmt step passed) and the signer loop is now `for s in signer_pool.iter().take(n)` so the `needless_range_loop` clippy warning is gone. ci is green across fmt, `clippy -D warnings` and the test suite.

bonus that's above and beyond #22: you also repaired the three stale fuzz targets (lending_pool, loan_manager, remittance_nft) to the current contract signatures and registered multisig_governance in the cargo.toml, which is basically the #21 cleanup. one honest caveat, ci keeps the fuzz build step as continue-on-error, so green ci doesn't by itself prove the whole fuzz crate compiles. worth a separate confirm before we call #21 closed, but it's strictly better than what was there. merging this.

if you want to keep contributing, join us on Telegram: https://t.me/+DOylgFv1jyJlNzM0

@ogazboiz ogazboiz merged commit fc4b161 into LabsCrypt:main Jun 19, 2026
1 check passed

Development

Successfully merging this pull request may close these issues.

[Testing] No fuzz target for multisig_governance despite a multi-step timelock/threshold state machine

2 participants