[6] Harden storage.rs expect() panics to typed errors #6

@EmeditWeb

Problem

Across all contracts, storage.rs files use .expect("loan not found") and similar patterns when reading persistent storage. These produce opaque VM traps with no error code, making the API unable to distinguish "loan does not exist" from "contract panicked unexpectedly".

Context

Every contract error must be a typed ContractError so the API can translate it to a proper HTTP status code. Right now, any missing storage read returns a 500 to the mobile app instead of a 404, which makes the user-facing error stories incoherent.

Before Starting

Read these context files first:

  • context/architecture-context.md
  • context/code-standards.md
  • context/progress-tracker.md
  • contracts/*/src/storage.rs
  • contracts/*/src/errors.rs

What To Build

  1. Audit every .expect(...) and .unwrap() call across all 5 storage.rs files. Use rg -n "expect\(|unwrap\(\)" contracts/*/src/storage.rs.
  2. For each, change the function signature to return Result<T, ContractError>.
  3. Replace .expect("loan not found") with .ok_or(ContractError::LoanNotFound)?.
  4. Update callers in lib.rs to propagate with ?.
  5. Add missing error variants where needed (e.g. PoolNotInitialized, VendorNotFound).
  6. Add a regression test per contract: call a getter before initialize() and assert NotInitialized is returned (not a panic).

Files To Touch

  • contracts/creditline-contract/src/storage.rs, errors.rs, lib.rs, tests.rs
  • contracts/liquidity-pool-contract/src/storage.rs, errors.rs, lib.rs, tests.rs
  • contracts/reputation-contract/src/storage.rs, errors.rs, lib.rs, tests.rs
  • contracts/vendor-registry-contract/src/storage.rs, errors.rs, lib.rs, tests.rs
  • contracts/token-mock-contract/src/storage.rs, errors.rs, lib.rs, tests.rs

Acceptance Criteria

  • Zero .expect() or .unwrap() calls remain in any storage.rs
  • All getter functions return Result<T, ContractError>
  • 5 new regression tests prove typed errors are returned instead of panics
  • All 93 existing tests still pass
  • cargo clippy returns no new warnings

Mandatory Checks Before PR

  • cargo build passes with zero errors
  • cargo test — all 93 existing tests still pass
  • require_auth() is FIRST line of every mutating function
  • extend_ttl() called after EVERY persistent storage write
  • New unit tests written for every new function
  • context/progress-tracker.md updated
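
Steps 2 to 4 and 6 above, as an added sketch that is not code from this repository: a `HashMap`-backed `Store` stands in for contract persistent storage so the block runs without the SDK. The error code numbers, the `Store` type, the function names, and the 503 mapping for `NotInitialized` are assumptions for illustration; only the 404 for a missing loan comes from the issue text.

```rust
use std::collections::HashMap;

// Assumed error codes; the real values belong in each contract's errors.rs.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u32)]
pub enum ContractError {
    NotInitialized = 1,
    LoanNotFound = 2,
}

// Stand-in for contract persistent storage (hypothetical; not the SDK type).
#[derive(Default)]
pub struct Store {
    admin: Option<String>,     // set by initialize()
    loans: HashMap<u32, i128>, // loan id -> principal
}

// storage.rs style getters: a missing entry becomes a typed error, not a trap.
pub fn get_admin(s: &Store) -> Result<&String, ContractError> {
    s.admin.as_ref().ok_or(ContractError::NotInitialized)
}

pub fn get_loan(s: &Store, id: u32) -> Result<i128, ContractError> {
    s.loans.get(&id).copied().ok_or(ContractError::LoanNotFound)
}

// lib.rs style caller: propagates both failure modes with `?`.
pub fn loan_principal(s: &Store, id: u32) -> Result<i128, ContractError> {
    get_admin(s)?;
    get_loan(s, id)
}

// API side: each typed code maps to a status instead of a blanket 500.
pub fn http_status(r: &Result<i128, ContractError>) -> u16 {
    match r {
        Ok(_) => 200,
        Err(ContractError::LoanNotFound) => 404,
        Err(ContractError::NotInitialized) => 503, // assumed mapping
    }
}

fn main() {
    let mut s = Store::default();
    println!("{:?}", loan_principal(&s, 7)); // getter before initialize()
    s.admin = Some("admin".to_string());
    println!("{:?}", loan_principal(&s, 7)); // initialized, loan absent
    s.loans.insert(7, 500);
    println!("{:?}", loan_principal(&s, 7)); // loan present
}
```
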
