feat(invoice): add guarded recipient substitution with co-signer approval #255

Open
johnsaviour56-ship-it wants to merge 4 commits into Stellar-split:main from johnsaviour56-ship-it:guarded-recipient-substitution

@johnsaviour56-ship-it

Summary

This PR introduces a secure recipient substitution flow, allowing a recipient address to be replaced after invoice creation while preserving existing allocations. For invoices with co-signers, substitutions require a fresh round of approvals to prevent unauthorized recipient changes.

Changes

  • Added substitute_recipient() to support replacing an existing recipient with a new address.
  • Required a new, dedicated approval process for recipient substitutions when co-signers are configured, using the configured required_signatures threshold.
  • Allowed creator-only authorization for invoices without co-signers.
  • Preserved the recipient's associated amounts, claimed status, and token allocations when transferring to the new address.
  • Added validation to reject substitutions when the specified recipient does not exist.
  • Kept substitution approvals independent of release approval signatures.

Testing

Added coverage for:

  • Recipient substitution requiring fresh co-signer approvals
  • Immediate substitution on creator authorization for non-co-signed invoices
  • Preservation of recipient allocation and claim state
  • Rejection when the original recipient is not found
  • Regression testing for existing invoice and approval workflows

Acceptance Criteria

  • Fresh co-signer approvals required for recipient substitution
  • Creator-only substitution supported when no co-signers exist
  • Recipient balances and state preserved after substitution
  • Invalid recipient substitutions return "recipient not found"
  • Added tests for co-signed and non-co-signed scenarios
  • All existing tests pass
  • cargo clippy passes with zero warnings

Result

Recipient addresses can now be safely updated without recreating invoices, while maintaining strong authorization guarantees through a dedicated approval workflow and preserving all recipient-related state.

Closes #226
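
The authorization flow this description lists, sketched as an added in-memory Rust model; it is not the PR's code or the Stellar-split contract. Only `substitute_recipient`, `required_signatures` and the "recipient not found" message come from the page. The types, the other field names, the binding of approvals to one exact (old, new) address pair, the rule that only co-signers may approve, and the guard against an already-used new address are assumptions.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Simplified in-memory model; types and field names are assumptions, not the contract's.
#[derive(Clone, Debug, PartialEq)]
pub struct Share { pub amount: i128, pub claimed: bool }
pub struct Invoice {
    pub creator: String,
    pub co_signers: BTreeSet<String>,
    pub required_signatures: usize,
    pub recipients: BTreeMap<String, Share>,
    pub release_approvals: BTreeSet<String>, // never consulted for substitutions
    // Approvals bound to one exact (old, new) pair (this binding is an assumption).
    pub sub_approvals: BTreeMap<(String, String), BTreeSet<String>>,
}
impl Invoice {
    /// Ok(true) once the swap is applied, Ok(false) while approvals are pending.
    pub fn substitute_recipient(&mut self, caller: &str, old: &str, new: &str) -> Result<bool, &'static str> {
        if !self.recipients.contains_key(old) { return Err("recipient not found"); }
        // Assumed extra guard: never overwrite another recipient's share.
        if self.recipients.contains_key(new) { return Err("new address already a recipient"); }
        if self.co_signers.is_empty() {
            if caller != self.creator { return Err("unauthorized"); }
        } else {
            if !self.co_signers.contains(caller) { return Err("unauthorized"); }
            let key = (old.to_string(), new.to_string());
            let votes = self.sub_approvals.entry(key.clone()).or_default();
            votes.insert(caller.to_string()); // a set, so repeat votes do not count twice
            if votes.len() < self.required_signatures { return Ok(false); }
            self.sub_approvals.remove(&key); // approvals are consumed, not reusable
        }
        let share = self.recipients.remove(old).ok_or("recipient not found")?;
        self.recipients.insert(new.to_string(), share); // amount and claimed flag move intact
        Ok(true)
    }
}

// Constructed sample: 2-of-2 co-signers whose release approvals already exist.
pub fn sample() -> Invoice {
    let signers: BTreeSet<String> = ["alice", "bob"].iter().map(|s| s.to_string()).collect();
    Invoice { creator: "creator".into(), co_signers: signers.clone(), required_signatures: 2,
        recipients: BTreeMap::from([("G_OLD".to_string(), Share { amount: 70, claimed: true })]),
        release_approvals: signers, sub_approvals: BTreeMap::new() }
}

fn main() {
    let mut inv = sample();
    println!("{:?}", inv.substitute_recipient("alice", "G_OLD", "G_NEW")); // first approval
    println!("{:?}", inv.substitute_recipient("bob", "G_OLD", "G_NEW")); // threshold reached
}
```

In the sample both co-signers have already approved release, yet the first substitution call still reports pending, which is the independence property the description claims.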

@drips-wave

drips-wave Bot commented Jun 26, 2026

@johnsaviour56-ship-it Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
