feat: Escrow single init guard#138

Merged
mikewheeleer merged 3 commits into Liquifact:main from anonfedora:feat/escrow-single-init-guard
Apr 1, 2026
Conversation

@anonfedora
Contributor

Summary

This PR implements a one-time initialization guard for the LiquiFact Escrow contract. It prevents an already initialized escrow instance from being re-initialized, ensuring that immutable parameters (such as the funding token, treasury, and yield tiers) cannot be overwritten after the initial setup.

What Changed

Core Logic

  • Added DataKey::Initialized to the storage schema in lib.rs to track the initialization state.
  • Updated init to assert that the Initialized key is not already present and set it to true upon successful setup.
  • Refined get_escrow to explicitly check the Initialized flag before attempting to read the escrow state, providing a descriptive panic message if the contract is accessed prematurely.

Closes #2

Testing & Documentation

  • Added test_init_sets_initialized_flag and updated existing double-initialization tests to verify the guard works as intended.
  • Added formal invariant ESC-INI-001 (Single Initialization Guard) to the README.md for audit traceability.
  • Included the initialization guard in the pre-deploy security checklist in README.md.
  • Enhanced Rust doc comments for the init function to explicitly document the panic behavior and the guard.

Why This Matters

Without this guard, a malicious actor (or accidental operation) could potentially call init on an existing contract instance to overwrite critical storage keys like FundingToken or Treasury. This change enforces the immutability of the escrow configuration once finalized.

Validation

  • Unit Tests: Ran cargo test -p liquifact_escrow. All 100 tests passed, including the new initialization scenarios.
  • Security: Verified that get_escrow (used by all authenticated functions) fails safely if the contract is uninitialized.

Example Commit Message

feat(escrow): prevent re-initialization of existing escrow
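The guard described in this PR (an `Initialized` storage key checked at the top of `init`, set only after the immutable parameters are written, and re-checked in `get_escrow`) is easy to model outside the contract. The block below is an added example, not code from the PR or the LiquiFact repository: it uses a plain `HashMap` as a stand-in for contract instance storage, returns `Err` where the contract panics, and uses constructed placeholder addresses (`TOKEN_A`, `TREASURY_A`, and so on). The `Storage`, `EscrowConfig` and `double_init_scenario` names are assumptions for the example only.

```rust
use std::collections::HashMap;

/// Storage keys. `Initialized` mirrors the DataKey variant the PR adds;
/// the other two stand in for the immutable escrow parameters it protects.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub enum DataKey {
    Initialized,
    FundingToken,
    Treasury,
}

/// Minimal stand-in for contract instance storage (hypothetical; not the SDK type).
#[derive(Default)]
pub struct Storage {
    instance: HashMap<DataKey, String>,
}

impl Storage {
    pub fn has(&self, key: &DataKey) -> bool {
        self.instance.contains_key(key)
    }
    pub fn set(&mut self, key: DataKey, value: &str) {
        self.instance.insert(key, value.to_string());
    }
    pub fn get(&self, key: &DataKey) -> Option<&str> {
        self.instance.get(key).map(String::as_str)
    }
}

/// Escrow configuration as read back from storage.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct EscrowConfig {
    pub funding_token: String,
    pub treasury: String,
}

/// One-time initialization guard. The contract's version panics; here the
/// failure is surfaced as an Err so the outcome can be inspected.
pub fn init(store: &mut Storage, funding_token: &str, treasury: &str) -> Result<(), &'static str> {
    // Check first: nothing is written if the guard trips, so the original
    // FundingToken/Treasury values cannot be overwritten by a second call.
    if store.has(&DataKey::Initialized) {
        return Err("escrow already initialized");
    }
    store.set(DataKey::FundingToken, funding_token);
    store.set(DataKey::Treasury, treasury);
    // Set the flag last, after every immutable parameter is in place.
    store.set(DataKey::Initialized, "true");
    Ok(())
}

/// Reads the escrow state only once the Initialized flag is present, so
/// callers that depend on it fail with a descriptive error when the contract
/// has not been set up rather than reading missing keys.
pub fn get_escrow(store: &Storage) -> Result<EscrowConfig, &'static str> {
    if !store.has(&DataKey::Initialized) {
        return Err("escrow not initialized: call init first");
    }
    let funding_token = store.get(&DataKey::FundingToken).ok_or("missing FundingToken")?;
    let treasury = store.get(&DataKey::Treasury).ok_or("missing Treasury")?;
    Ok(EscrowConfig {
        funding_token: funding_token.to_string(),
        treasury: treasury.to_string(),
    })
}

/// Scenario: a second init with different addresses is rejected and leaves
/// the original configuration untouched. Addresses are constructed samples.
pub fn double_init_scenario() -> (Result<(), &'static str>, Result<(), &'static str>, EscrowConfig) {
    let mut store = Storage::default();
    let first = init(&mut store, "TOKEN_A", "TREASURY_A");
    let second = init(&mut store, "TOKEN_B", "TREASURY_B");
    let cfg = get_escrow(&store).expect("store was initialized by the first call");
    (first, second, cfg)
}

fn main() {
    let (first, second, cfg) = double_init_scenario();
    println!("first init: {:?}, second init: {:?}, config: {:?}", first, second, cfg);
    println!("uninitialized read: {:?}", get_escrow(&Storage::default()));
}
```

The ordering inside `init` is the part worth checking in review: the guard check runs before any write, and the flag is written after the last parameter, so a caller that observes `Initialized` can rely on `FundingToken` and `Treasury` being present.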

@mikewheeleer mikewheeleer merged commit 50f6ba5 into Liquifact:main Apr 1, 2026
1 check failed
Development

Successfully merging this pull request may close these issues.

Enforce Single Initialization Guard