superform-xyz / superform-core

fix: Guard against malicious processors [SUP-8873] #639

Closed TamaraRingas closed 3 weeks ago

TamaraRingas commented 1 month ago

Problem

A malicious processor can take advantage of the refund mechanism.

completeCrossChainRebalance() completes a cross chain rebalance initiated by the user with startCrossChainRebalance(). This function can be called only by an address with the ROUTER_PLUS_PROCESSOR_ROLE. As the processor can pass arbitrary data as function arguments to both functions, he can take advantage of the refund mechanism, leading to two possible scenarios:

1. Processor can force unnecessary refunds in completeCrossChainRebalance(): by passing a specific expectedAmountInterimAsset, he can force unnecessary refunds on every payload to be processed.
2. Processor can steal all SuperformRouterPlusAsync funds: by starting a cross chain rebalance himself and thus passing a fake expectedAmountInterimAsset, he can issue a refund to himself stealing funds from the SuperformRouterPlusAsync contract.

Solution

linear[bot] commented 1 month ago

SUP-8873 Guard Against Malicious Processors