fix: guard v47 upgrade fee bypass #13

Open: jamilahmadzai wants to merge 1 commit into openmetaearth:main from jamilahmadzai:fix/v47-upgrade-fee-bypass-11

@jamilahmadzai

Summary

Closes #11.

Related: openmetaearth/me-hub#1237.

This patch closes the practical exploit chain around the v47 balance reset and the free-gas ante handler:

  • persist a v47 marker in the upgrade store so `resetExponent()` only mints the precision-adjustment balances once
  • keep admin and MEID-admin fee bypass behavior unchanged
  • only allow message-based free gas when every message in the transaction is explicitly eligible for free gas
  • add regression coverage for the mixed `MsgCheckIn` + paid-message case that previously bypassed fees

Why

The previous ante logic looked only at the first message and then stopped. A transaction could put `MsgCheckIn` first and append a fee-bearing message behind it, causing the whole transaction to skip fee checks and fee deduction.

The v47 upgrade balance reset also had no committed on-chain completion marker. If the handler were re-entered after the original upgrade completed, the minting portion could run again. The new marker makes that portion idempotent while still allowing the first legitimate v47 run to complete normally.

This intentionally does not change governance timing or the broader ante decorator stack in the same PR, since those are policy-level changes with a larger compatibility surface.

Validation

  • `gofmt -w app/fee_deduct.go app/fee_deduct_test.go app/upgrade_v47.go`
  • `git diff --check`
  • `go test ./app` was attempted locally. The repo requires sibling replacements for `st-chain/cosmos-sdk-0.46.0` and `st-chain/wasmd-v0.41.0` as documented in `.github/workflows/build_me.yaml`, but those forks are not publicly accessible from my environment, so local compilation cannot reach project code.

Bounty payout

Meta Earth / OpenMetaEarth bug bounty payout: $MEC via ME Pass.

Wallet: me1ya82w6cjflk9r2qeyfeu64sm7gxtfr7mu62w9j
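
The first-message-only check described under "Why", next to the every-message check the summary describes, as an added Go example that is not part of this PR or the project's code. `Msg`, `freeGasTypes`, `firstMsgFree`, `allMsgsFree` and `MsgSend` are hypothetical stand-ins; the admin and MEID-admin bypass is not modelled, and rejecting an empty message list is an assumption of this example.

```go
package main

import "fmt"

// Msg is a hypothetical stand-in for a transaction message; only its type name matters.
type Msg struct{ Type string }

// freeGasTypes is a hypothetical allow-list. The PR text names only MsgCheckIn.
var freeGasTypes = map[string]bool{"MsgCheckIn": true}

// firstMsgFree models the pre-fix behaviour: decide from the first message only.
func firstMsgFree(msgs []Msg) bool {
	if len(msgs) == 0 {
		return false
	}
	return freeGasTypes[msgs[0].Type]
}

// allMsgsFree models the fixed rule: every message must be explicitly eligible.
// Assumption of this example: an empty list is never free, so the "all" check
// cannot pass vacuously.
func allMsgsFree(msgs []Msg) bool {
	if len(msgs) == 0 {
		return false
	}
	for _, m := range msgs {
		if !freeGasTypes[m.Type] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed transactions; MsgSend stands for any fee-bearing message.
	cases := []struct {
		name string
		msgs []Msg
	}{
		{"check-in only", []Msg{{Type: "MsgCheckIn"}}},
		{"check-in + send", []Msg{{Type: "MsgCheckIn"}, {Type: "MsgSend"}}},
		{"send + check-in", []Msg{{Type: "MsgSend"}, {Type: "MsgCheckIn"}}},
		{"empty", nil},
	}
	for _, c := range cases {
		fmt.Printf("%-16s first-only=%-5v all=%v\n", c.name, firstMsgFree(c.msgs), allMsgsFree(c.msgs))
	}
}
```

Only the "check-in + send" row differs between the two functions, which is the mixed case the regression test in this PR is said to cover.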

Successfully merging this pull request may close these issues.

CRITICAL: Governance-Triggered Infinite Token Minting + Free Gas Bypass
