fix: Critical Security Issues in Token Management Component

[manlikeHB]

📋 Summary

This PR addresses multiple critical security vulnerabilities and logic issues in the token management component that could lead to broken functionality and potential exploits. The fixes ensure proper access control, eliminate duplicate logic, and improve overall security posture.

🚨 Critical Issues Fixed

1. Access Control Vulnerability

Problem: Functions add_minter(), remove_minter(), and set_max_supply() incorrectly checked if caller was a minter instead of checking owner permissions.

2. Duplicate Transfer Logic

Problem: transfer() and transfer_from() manually updated balances AND called _transfer(), causing double execution.

3. Missing Event Indexing

Problem: Events lacked #[key] attributes, making them inefficient to query.

4. Incorrect Ownership Transfer Logic

Problem: Used caller instead of stored previous_owner for validation and events.

✨ Additional Improvements

• Unlimited Allowance Support
• Optional Max Supply
• Enhanced Security Features

✅ Checklist

• Fixed access control vulnerabilities
• Eliminated duplicate transfer logic
• Added proper event indexing
• Fixed ownership transfer logic
• Added unlimited allowance support
• Implemented optional max supply
• Added comprehensive unit tests
• Verified backward compatibility
• Updated documentation in code comments

🏷️ Related Issues

• Closes SC: Critical Bugs in Token Management Component #66