fix: consume allowance on transferFrom when caller == from

[stevieraykatz]

Summary

MockB20.transferFrom (and transferFromWithMemo) gated _consumeAllowance behind msg.sender != from, so an owner-as-caller transferFrom(self, to, amt) silently moved tokens without burning any approval. OZ ERC20 and the Rust precompile both carve no exception for msg.sender == from, so this is a real divergence — flagged by Andreas in #proj-b20.

Fix

_consumeAllowance now fires unconditionally outside the factory bootstrap window. The executor-policy check is still gated on msg.sender != from, since the sender-policy already covers from inside _transfer and self-callers aren't a distinct executor — this is the one carve-out the mock intentionally keeps.

if (!_isPrivileged()) {
    _consumeAllowance(from, msg.sender, amount);
    if (msg.sender != from) {
        // executor policy check
    }
}

Tests

Regression tests added to both transferFrom.t.sol and transferFromWithMemo.t.sol (all fuzz, per repo convention):

• test_transferFrom_revert_selfCaller_insufficientAllowance — owner-as-caller with no self-approval reverts InsufficientAllowance
• test_transferFrom_success_selfCaller_decreasesAllowance — owner-as-caller consumes allowances[from][from] slot
• test_transferFrom_success_selfCaller_skipsExecutorPolicy — pins the intentional carve-out: executor policy is still bypassed when msg.sender == from
• test_transferFromWithMemo_revert_selfCaller_insufficientAllowance / …_success_selfCaller_decreasesAllowance — same for the memo variant

Test plan

• forge test --match-path "test/unit/B20/erc20/transferFrom.t.sol" — 14/14 passing
• forge test --match-path "test/unit/B20/**/*.t.sol" — 191/191 passing
• forge test (full suite) — 504/504 passing

[linear]

BOP-173