Allow network-managed extensions to lock tokens

We would like the Token Voting contract to be able to lock tokens (obviously), but without making the "lock tokens" function totally public (although technically, it sort of already is). Rather than gating the function behind a permission (which raises the question of "which permission", ideally not root), we will let network-managed extensions call the function.