[Contract] Build Transfer Restrictions Module with Whitelist Management

[yusuftomilola]

Compliance layer that can restrict token transfers to whitelisted addresses or require accredited investor status.

Requirements

TransferRestriction struct: require_accredited: bool, geographic_allowed: Vec<String>

set_transfer_restriction(env, asset_id, require_accredited) — Stores restriction config for an asset

add_to_whitelist(env, asset_id, address) — Adds address to allowed list

remove_from_whitelist(env, asset_id, address) — Removes from list

is_whitelisted(env, asset_id, address) — Read-only bool

get_whitelist(env, asset_id) — Returns full list

validate_transfer(env, asset_id, from, to) (called internally by transfer_tokens):

• If whitelist is non-empty, to must be whitelisted
• If require_accredited = true, additional check (can be a stub that checks whitelist for MVP)
• Returns Error::TransferRestricted on violation

Acceptance Criteria

• Transfer to non-whitelisted address fails when whitelist is active
• Empty whitelist = no restrictions
• validate_transfer integrated into transfer_tokens