fix(validator): bind swapconfirm to reservation owner

[JSONbored]

Summary

• Closes SwapConfirm allows reservation hijacking by a different user #107
• require SwapConfirm source addresses to match the active reservation owner before continuing
• reject missing full reservation records with a distinct error
• add regression coverage for owner mismatch, queue safety, and the existing queued-confirm path

What changed

• handle_swap_confirm now reads the full reservation record and compares reservation.from_addr to synapse.from_address
• mismatched confirms return before proof verification, source transaction lookup, pending queue insertion, or contract voting
• tests now cover missing full reservation data, mismatched source owners, no side effects on mismatch, and preservation of an existing SQLite pending row

Why

A reservation is owned by the source address recorded on-chain. Confirming with a different source address should not be allowed to consume or modify that reservation, even if the caller controls the alternate address.

Validation

• uv run pytest tests/test_axon_handlers.py tests/test_pending_confirm_queue.py tests/test_validator_rejections.py -q
• uv run pytest -q
• uv run ruff check allways/validator/axon_handlers.py tests/test_axon_handlers.py
• CodeRabbit review: 0 issues after addressing one minor message-clarity note
• Codex Security diff scan: no reportable findings

Notes

• Checked active upstream PRs before opening. Nearby validator PRs touch this area, but none appear to close SwapConfirm allows reservation hijacking by a different user #107 or add this owner-binding check.