Fix `refund_bridge_transfer` so only the bridge can successfully call it

[andygolay]

Describe the bug

• Currently refund_bridge_transfer has no access control.

Expected behavior

• There should be an assertion to check that the bridge signer is the caller.

Additional context

• I'm not sure whether the bridge signer should be a separate address besides the origin account used in deploying the module. What do you think @0xmovses @0xPrimata ?

[0xmovses]

Let's go with the current pattern laid out here:

https://github.com/movementlabsxyz/movement/blob/33ceb339ad9b6afffcae34b4cb2936056[…]its/bridge/move-modules/sources/atomic_bridge_counterparty.move

https://github.com/movementlabsxyz/movement/blob/33ceb339ad9b6afffcae34b4cb2936056[…]rotocol-units/bridge/contracts/src/AtomicBridgeCounterparty.sol