Add recipient substitution with co-signer approval

[Kingsman-99]

Label: complexity: high
Points: 200

Description

There's no way to swap out a recipient after invoice creation (e.g. a recipient's address was compromised) without co-signer oversight for invoices that have one configured. This issue adds a guarded recipient substitution path.

Technical Context

Involves lib.rs — substitute_recipient(env, invoice_id, old_recipient: Address, new_recipient: Address). If co_signers is non-empty, require the same required_signatures threshold of fresh approvals specifically for this substitution (separate signature set from release approvals); if no co-signers configured, allow the creator alone.

Acceptance Criteria

• With co-signers configured, requires a fresh round of required_signatures approvals distinct from release-approval signatures
• Without co-signers, creator auth alone suffices
• Recipient's corresponding amounts/claimed/tokens entries carry over unchanged to the new address
• Panics with "recipient not found" if old_recipient isn't currently a recipient
• Test: co-signed invoice requires approvals before substitution applies; non-co-signed invoice substitutes immediately on creator call
• All existing cargo tests pass
• cargo clippy passes with zero warnings

---

[ZuLu0890]

@ZuLu0890 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @ZuLu0890 to this issue.

[johnsaviour56-ship-it]

@johnsaviour56-ship-it has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would love to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @johnsaviour56-ship-it to this issue.

[drips-wave]

Congratulations, @johnsaviour56-ship-it! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @johnsaviour56-ship-it: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[grantfox-oss]

🦊 GrantFox — @johnsaviour56-ship-it has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #226)
2. Your PR will be reviewed by the Stellar-split maintainers

Good luck! Track your progress on GrantFox.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@johnsaviour56-ship-it's PR #255 was approved and merged by @Kingsman-99.

🏆 @johnsaviour56-ship-it: You earned 35 FoxPoints for this contribution! Your current tier: Explorer (471 total points). Track your full progress on GrantFox.

👏 Great work, @johnsaviour56-ship-it! Keep contributing to Stellar-split.

[drips-wave]

This issue has been completed by @johnsaviour56-ship-it as part of the Stellar Wave Program's 6th Wave 🥳

😎 @johnsaviour56-ship-it: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.