fix: filter out only malicious non-evm assets

[sahar-fehri]

Explanation

• Narrows the Blockaid token filter in MultichainAssetsController to only remove tokens flagged as Malicious, keeping Spam, Warning, and Benign tokens
• This is a product decision to reduce the risk of disrupting UX for memecoins and long-tail SOL assets.

References

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Medium Risk
Changes token security filtering behavior, which can affect user exposure to potentially undesirable assets if Blockaid labels them as Spam/Warning rather than Malicious.

Overview
MultichainAssetsController now only removes tokens when Blockaid’s bulkScanTokens marks them as Malicious, instead of filtering any non-Benign result.

Tests were updated/expanded to assert the new behavior (keeping Spam/Warning tokens while still filtering Malicious), and the assets-controllers changelog documents the behavioral change.

^{Written by Cursor Bugbot for commit cb6c2df. This will update automatically on new commits. Configure here.}

[juanmigdr]

I see here this is for non-evm assets, not only SPL, is this right? Just confused by the title