feat: implement symmetric TIP-20 bounceback for zone deposits and withdrawals

[gakonst]

Summary

Implement symmetric bounceback behavior for TIP-20 blacklisted transfers on zones, covering both deposits and withdrawals.

Motivation

Currently bouncebacks are only implemented on withdrawals. Deposits that fail (e.g. recipient is blacklisted) have no consistent recovery path. This creates edge cases around zone-to-zone transfers and fund recovery.

Proposed Solution

1. Symmetric bouncebacks — implement bouncebacks on both deposit and withdrawal, not just withdrawal
2. Require bounceback address on deposit — the deposit function should require a bounceback address parameter (or default to sender). No deposit function without a bounceback address
3. Validate at initiation only — verify the bounceback address has permission to receive funds at the time of the deposit/withdrawal transaction, not at bounceback completion. Failure of action guarantees return to bounceback address
4. Zone portal bypasses TIP-20 403 — TIP-20 must allow the zone portal contract to bypass blacklist checks. The portal does its own checks instead
5. Distinguish bounce vs non-bounce withdrawals — need to differentiate between bounce-triggered withdrawals and regular withdrawals
6. Zone-to-zone transfer handling — on failed cross-zone deposits, funds land in a sequencer-controlled wallet. Add metadata so senders can prove ownership of the funds

Open Questions

• Refund address / "return-to" field in memo for sender-specified return intent
• How to handle decryption failures for recipient addresses

Context

Discussion: https://tempoxyz.slack.com/archives/C0AC9PZN01M/p1771879722723169

Prompted by: dankrad