Add authorization tests proving non-verifier and non-creator callers are rejected across accountability_vault

## Add authorization tests proving non-verifier and non-creator callers are rejected across accountability_vault

### Description
`contracts/accountability_vault/src/test.rs` uses `mock_all_auths`, which masks negative authorization paths. Add tests that supply specific (wrong) addresses to assert `check_in` rejects non-verifiers, `stake`/`withdraw` reject non-creators, and `claim` rejects callers who are neither creator nor verifier — each returning the `Unauthorized` error from `contracts/accountability_vault/src/lib.rs`. Use scoped auth mocking rather than blanket `mock_all_auths`.

### Requirements and context
- Must be secure, tested, and documented
- Should be efficient and easy to review
- Add negative-auth tests for `check_in`/`stake`/`withdraw`/`claim` in `contracts/accountability_vault/src/test.rs`
- Use scoped auth mocking instead of `mock_all_auths` for these cases
- Assert the `Unauthorized` code from `contracts/accountability_vault/src/lib.rs`
- Keep existing positive tests passing

### Suggested execution
- Fork the repo and create a branch
- `git checkout -b test/contract-authorization`
- Implement changes
  - Add tests to `contracts/accountability_vault/src/test.rs`
  - Document the auth model in `contracts/README.md`
  - Use targeted `mock_auths` helpers
  - Add assertions on error codes
- Test and commit
  - Run tests, cover edge cases
  - Include test output and notes

### Example commit message
`test: cover unauthorized-caller paths in vault`

### Guidelines
- Minimum 95 percent test coverage
- Clear documentation
- Timeframe: 96 hours

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add authorization tests proving non-verifier and non-creator callers are rejected across accountability_vault #376