
hermes-agent [ Crypto ] Fix cross-chain replay attack in CrossChainBridge signature verification #5443

Closed
KK88100 wants to merge 1 commit into UnsafeLabs:main from KK88100:fix/crosschainbridge-eip712-replay-920-1779933800


@KK88100 KK88100 commented May 28, 2026

Summary

Implements EIP-712 typed data signing for CrossChainBridge to prevent cross-chain replay, same-chain replay, and post-upgrade replay attacks.

Changes

  • Added EIP-712 domain separator with name, version, chainId, and verifyingContract
  • Added per-sender nonce tracking to prevent same-chain replay
  • Transfer struct hash includes recipient, amount, and nonce
  • Final digest includes domain separator (chain-bound, contract-bound)
  • Added ecrecover zero-address rejection in verifySignature
  • Added getTypedDataHash view function for off-chain signing

Acceptance Checklist

  • Signed messages include chain ID, nonce, and contract address
  • Same message cannot be replayed on a different chain
  • Same message cannot be replayed on the same chain (nonce prevents it)
  • Contract upgrade does not allow old message replay (contract address in domain)
  • ecrecover zero-address result is rejected as invalid signature
  • EIP-712 domain separator correctly constructed
  • Nonce is queryable per sender

Closes #920

Payment

USDT TRC20: TXjaadYhD579e3bCWKnRFKjRq9RZQL7WNj

@github-actions
Contributor

Unfortunately the changes in this PR didn't fully resolve the issue. Please rework your solution and submit a new pull request.

Make sure to review the acceptance criteria in the linked issue and verify all conditions are met before resubmitting. See CONTRIBUTING.md for guidelines.

@github-actions github-actions Bot closed this May 28, 2026
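
The digest construction listed in the PR summary, written out as an added example. This is not the code from this pull request or from the hermes-agent repository; the contract name, the `Transfer(address recipient,uint256 amount,uint256 nonce)` layout, the domain name and version strings, and `verifyAndConsume` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: names and struct layout are assumptions, not the PR's code.
contract BridgeDigestExample {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant TRANSFER_TYPEHASH = keccak256(
        "Transfer(address recipient,uint256 amount,uint256 nonce)");

    // Next unused nonce per sender; the public getter makes it queryable off-chain.
    mapping(address => uint256) public nonces;

    // Recomputed on each call, so a chain split (new block.chainid) or a
    // redeployment (new address(this)) yields a different domain.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes("CrossChainBridge")), // assumed domain name
            keccak256(bytes("1")),                // assumed domain version
            block.chainid,
            address(this)));
    }

    // Digest a wallet signs off-chain: 0x1901 || domainSeparator || hashStruct(Transfer).
    function getTypedDataHash(address recipient, uint256 amount, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 structHash =
            keccak256(abi.encode(TRANSFER_TYPEHASH, recipient, amount, nonce));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }

    // Accepts a signature only for the sender's current nonce, then consumes it.
    function verifyAndConsume(address sender, address recipient, uint256 amount,
                              uint8 v, bytes32 r, bytes32 s) external returns (bool)
    {
        bytes32 digest = getTypedDataHash(recipient, amount, nonces[sender]);
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on a malformed signature; without this
        // check a caller passing sender == address(0) would be accepted.
        if (recovered == address(0) || recovered != sender) return false;
        nonces[sender] += 1; // the same signed message can never verify again
        return true;
    }
}
```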