fix: add two-step admin handoff

[dangelo352]

Summary

• add PendingAdmin storage plus propose_admin/accept_admin/get_pending_admin to commitment_nft, attestation_engine, allocation_logic, and price_oracle
• keep set_admin as a deprecated compatibility wrapper that proposes but does not complete transfer
• add coverage for non-admin proposal rejection, pending-only acceptance, re-proposal overwrite, and post-accept admin permissions
• document the two-step handoff in security considerations and the timelock runbook

Fixes #492.

Tests

• CARGO_TARGET_DIR=/tmp/commitlabs-admin-handoff-target cargo test -p price_oracle admin -- --nocapture
• CARGO_TARGET_DIR=/tmp/commitlabs-admin-handoff-target cargo test -p allocation_logic admin_handoff -- --nocapture
• CARGO_TARGET_DIR=/tmp/commitlabs-admin-handoff-target cargo test -p attestation_engine admin_handoff -- --nocapture
• CARGO_TARGET_DIR=/tmp/commitlabs-admin-handoff-target cargo test -p commitment_nft admin_handoff -- --nocapture
• CARGO_TARGET_DIR=/tmp/commitlabs-admin-handoff-target cargo test -p commitment_nft set_admin_with_zero_address -- --nocapture
• git diff --check