[GF-CONTRACT-01] Add admin authorization check in manage_hub subscription.rs

[yusuftomilola]

Problem

contracts/manage_hub/src/subscription.rs (line 1048) contains a // TODO: Add admin check here comment marking a function that executes privileged subscription management operations without verifying the caller has admin authority. This is a security gap — any caller can invoke admin-only subscription operations on-chain without restriction.

Proposed Solution

Add an admin authorization check at line 1048 using the existing access control pattern already used elsewhere in the ManageHub contracts. The access_control contract (contracts/access_control/src/lib.rs) defines role-based access helpers that other contracts use via cross-contract calls.

Steps:

1. Review how other admin-guarded functions in manage_hub/src/lib.rs verify admin access (look for existing require_admin() or role-check patterns)
2. Replicate the same pattern at line 1048 in subscription.rs — invoke the AccessControl client to verify the env.invoker() has the Admin or SuperAdmin role before proceeding
3. If the caller does not have the required role, the function must panic with a descriptive error: "Unauthorized: admin role required"
4. Add a test case in contracts/manage_hub/src/test.rs that verifies a non-admin caller is rejected

Acceptance Criteria

• Admin role check added at line 1048 of subscription.rs using the existing access control pattern
• Non-admin callers attempting to invoke the function receive an "Unauthorized" panic
• Existing passing tests continue to pass without modification
• A new test case is added confirming that a non-admin address is rejected
• The // TODO comment is removed after the check is implemented

[Mmesolove]

Hi maintainer,I have read the description and I can resolve this issue, please kindly assign to me.