Add security-focused access control tests

[Mosas2000]

Summary

Adds 25 security-focused tests for the sprintfund-core contract.

Test Coverage

• Access control: Execute-proposal permission scenarios
• Vote manipulation: Override prevention, double-voting
• Stake security: Zero stake, over-withdrawal prevention
• Proposal security: Stake requirements, double execution prevention
• Quadratic voting: Cost calculation validation
• Fund transfers: Balance checks, error handling
• Owner privileges: Validates owner has no special powers

Known Issues Documented

Tests explicitly document current behavior for:

• Issue Contract: No access control on execute-proposal allows anyone to trigger execution #11: Anyone can execute passing proposals
• Issue Contract: Users can vote multiple times on the same proposal by overwriting previous vote #12: Vote overrides inflate total counts
• Issue Contract: Quadratic voting cost is checked but never deducted from stake #13: Vote cost is checked but not deducted

Testing

npm test -- tests/security.test.ts  # 25 tests pass

Resolves #55