feat: Fuzz harness skeleton for commitment_id strings and amounts

[nayt9]

PR: Fuzzing Surface + Arithmetic Hardening for commitment_core

Summary

This PR introduces a no_std-friendly fuzzing surface for commitment_core, strengthens arithmetic safety in core contract paths, and fixes test inconsistencies to restore a fully passing suite.

---

Changes

Fuzzing

• Added a new helper module in fuzzing.rs:

  • Classifies raw commitment_id byte shapes
  • Evaluates amount/fee combinations
  • Designed to run without a Soroban Env (no_std-compatible)

• Added fuzz_tests.rs with deterministic seed coverage for:

  • Empty, oversized, and invalid commitment IDs
  • Non-positive amounts
  • Invalid basis points (BPS)
  • Max-fee edge cases
  • Overflow-prone values

• Introduced a fuzzing feature flag in Cargo.toml:

  • Enables reuse in future host-side fuzzing harnesses

---

Contract Hardening

• Updated create_commitment and update_value:
  • Replaced unchecked arithmetic with checked operations
  • Added explicit ArithmeticOverflow contract error
  • Improves safety around edge-case inputs discovered via fuzzing

---

closes #297

[drips-wave]

@nayt9 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits