
A-039 lock virtual offsets after first deposit #435

Closed
carrion256 wants to merge 1 commit into spr/refactor/vault-ergonomics/4f330057 from audit/fee-anchor-a039

carrion256 (Collaborator) commented May 15, 2026

Merged into #428

Merged into #428. The A-039 commit was cherry-picked into the fee-anchor lifecycle cluster PR as d31bf3c911f2e1deb417d0024571892f49e72f19, so this standalone per-finding PR is closed as merged into the cluster PR to preserve one-PR-per-cluster audit discipline.

Summary

Fixes Halborn/Nexus finding A-039 (21aa4dfa-595b-42a3-a1a0-cf7cba5e3f93): virtual conversion offsets could be changed after vault capitalization.

This PR makes virtual offsets immutable once the vault is capitalized by:

  • rejecting SetGovernanceConfig(VIRTUAL_OFFSETS) when stored accounting is already nonzero,
  • persisting a VirtualOffsetsLocked instance-storage flag after the first successful public deposit,
  • rejecting future virtual-offset changes while the persistent lock is set, including after a later full unwind to zero state.

Regression coverage

  • test_rejects_virtual_offset_updates_after_capitalization
  • test_rejects_virtual_offset_updates_after_first_deposit_lock
  • Existing offset behavior remains covered by test_set_virtual_offsets_updates_contract_storage, test_loads_virtual_offsets_from_storage, and deposit/preview virtual-offset tests.

Verification

Base: spr/refactor/vault-ergonomics/4f330057

  • cargo fmt --all
  • git diff --check
  • CARGO_INCREMENTAL=0 CARGO_TARGET_DIR=/data/tmp/templar-a039/.target-a039 cargo test -p templar-soroban-runtime virtual_offset -- --nocapture
  • CARGO_INCREMENTAL=0 CARGO_TARGET_DIR=/data/tmp/templar-a039/.target-a039 cargo test -p templar-soroban-runtime test_phase1_deposit_with_min_resource_probe -- --nocapture
  • CARGO_INCREMENTAL=0 CARGO_TARGET_DIR=/data/tmp/templar-a039/.target-a039 cargo test -p templar-soroban-runtime -- --nocapture
  • CARGO_INCREMENTAL=0 CARGO_TARGET_DIR=/data/tmp/templar-a039/.target-a039 just -f contract/vault/soroban/justfile size-budget-check

Runtime deploy WASM size: 94280 bytes (92.07 KiB) <= 131072 bytes (128.00 KiB).
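
The lock lifecycle described in the summary above, as an added example that is not part of the PR or the Templar code base: a plain-Rust model without the Soroban SDK, using hypothetical names (`Vault`, `OffsetError`, `redeem_all`) and an assumed share-conversion formula. It shows why the persistent flag is needed: after a full unwind the accounting is zero again, so the accounting check alone would let governance change the offsets.

```rust
// Added illustration (not the Templar contract); names and the conversion formula are assumptions.
#[derive(Debug, PartialEq)]
pub enum OffsetError {
    Capitalized, // stored accounting is nonzero
    Locked,      // persistent flag set by the first successful public deposit
}

#[derive(Default)]
pub struct Vault {
    pub assets: u128,
    pub shares: u128,
    pub virtual_assets: u128,
    pub virtual_shares: u128,
    pub offsets_locked: bool, // stands in for the VirtualOffsetsLocked flag
}

impl Vault {
    /// Governance update: both guards run before any write.
    pub fn set_virtual_offsets(&mut self, va: u128, vs: u128) -> Result<(), OffsetError> {
        if self.offsets_locked {
            return Err(OffsetError::Locked);
        }
        if self.assets != 0 || self.shares != 0 {
            return Err(OffsetError::Capitalized);
        }
        (self.virtual_assets, self.virtual_shares) = (va, vs);
        Ok(())
    }
    /// Public deposit: mint at the current offsets; lock only on success.
    pub fn deposit(&mut self, amount: u128) -> Option<u128> {
        let minted = amount
            .checked_mul(self.shares + self.virtual_shares)?
            .checked_div(self.assets + self.virtual_assets)?;
        self.assets += amount;
        self.shares += minted;
        self.offsets_locked = true;
        Some(minted)
    }
    /// Full unwind to zero accounting; the lock flag is deliberately kept.
    pub fn redeem_all(&mut self) {
        (self.assets, self.shares) = (0, 0);
    }
}

fn main() {
    let mut v = Vault { virtual_assets: 1, virtual_shares: 1, ..Default::default() };
    let _minted = v.deposit(100);
    v.redeem_all();
    println!("{:?}", v.set_virtual_offsets(1_000, 1)); // Err(Locked)
}
```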


coderabbitai Bot (Contributor) commented May 15, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 58ce2e84-f61f-4a4e-85d0-42c7311ab8b9


carrion256 (Collaborator, Author) commented

Merged into #428 (d31bf3c911f2e1deb417d0024571892f49e72f19). Closing this standalone A-039 PR because the fix now lives in the fee-anchor lifecycle cluster PR.
