Add target whitelist for gas fund operations

[gakarot-sbs]

Summary

Adds an approved target whitelist for gas fund integrations.

Background

ClaimPool currently allows GasManager to interact with external integrations through useGasFund() and useGasFundApprove().

As the protocol evolves to support additional gas-fund use cases (yield deployment, protocol operations, automated treasury workflows, etc.), it is beneficial to explicitly restrict those interactions to approved integrations rather than allowing unrestricted target selection.

This change introduces a lightweight defense-in-depth control without altering the existing role model or execution flow.

Changes

• Added approvedTargets mapping.
• Added TargetWhitelisted event.
• Added TargetNotWhitelisted error.
• Added setApprovedTarget() admin function.
• Added whitelist validation to:
  • useGasFund()
  • useGasFundApprove()

Benefits

• Preserves the existing protocol architecture.
• Maintains the separation between redemption accounting and gas-fund operations.
• Restricts gas-fund interactions to explicitly approved integrations.
• Provides a safer foundation for future protocol integrations.
• Improves operational visibility and auditability.

Design Considerations

This approach was selected because it introduces minimal complexity while preserving the current trust model:

• Operator remains responsible for protocol administration.
• GasManager remains responsible for gas-fund operations.
• No new privileged roles are introduced.
• Existing push-style and pull-style integration support remains unchanged.

The result is a small, self-contained improvement that strengthens execution boundaries without requiring architectural changes.