hermes-agent [ Crypto ] Fix tx.origin phishing vulnerability in GovernanceToken delegation

[KK88100]

Issue

Closes #912

Summary

Replaced all tx.origin authorization checks with msg.sender in delegateVote and revokeDelegate. Replaced tx.origin == admin in snapshot() with onlyOwner modifier from OpenZeppelin Ownable. Added zero-address guards and a phishing test that verifies a malicious contract cannot delegate votes on behalf of users who interact with it.

Acceptance Criteria

• No usage of tx.origin remains in the contract
• All authorization checks use msg.sender
• onlyOwner modifier protects admin functions (snapshot)
• Delegated voting still works correctly through legitimate contract interactions
• Added a test that deploys a phishing contract and verifies it cannot delegate votes
• Existing governance proposal and voting tests pass unchanged
• Included .attribution.json

Tests

Tests added in solidity/test/GovernanceToken.t.sol using Foundry:

• test_DelegateVoteUsesMsgSender
• test_PhishingCannotDelegateOthers
• test_RevokeDelegateUsesMsgSender
• test_SnapshotOnlyOwner
• test_DelegateToSelfRejected
• test_DelegateVoteRevertsForZeroAddress
• test_GovernanceProposalAndVoting

Payment address (USDT TRC20): TXjaadYhD579e3bCWKnRFKjRq9RZQL7WNj

[KK88100]

Payment address for bounty (USDT TRC20): TXjaadYhD579e3bCWKnRFKjRq9RZQL7WNj

[github-actions]

Unfortunately the changes in this PR didn't fully resolve the issue. Please rework your solution and submit a new pull request.

Make sure to review the acceptance criteria in the linked issue and verify all conditions are met before resubmitting. See CONTRIBUTING.md for guidelines.