docs(contracts): full NatSpec sweep on AgentEscrow + surface two audit flags

[abhicris]

Summary

Cover every public/internal item in contracts/AgentEscrow.sol with @notice / @dev / @param / @return tags. No logic changes; ABI is identical to main.

What's in scope

• 286 insertions / 43 deletions in contracts/AgentEscrow.sol
• Every external + public function gets full NatSpec
• Every event gets @notice + @param indexed documentation
• Every storage variable gets a one-line @notice
• Two audit observations surfaced as @dev notes (see below) — no behavior changes

Two audit flags surfaced (not fixed in this PR)

1. registerAgent is permissionless. Any address can whitelist itself by calling registerAgent. The @dev tag warns integrators not to rely on registeredAgents as a trust anchor until an owner model is added. Tracked for a follow-up PR.

2. AgentDeregistered is an orphaned event. It is declared but never emitted because no deregisterAgent function exists. The @dev tag marks it unreachable and defers either removal or a matching function to a follow-up.

What's NOT in scope

• No logic changes anywhere (ABI is byte-identical to main)
• No fix for the two audit flags above (each deserves a focused PR)
• No new tests (sibling PR test(escrow): add Foundry suite covering AgentEscrow state transitions + events + reentrancy #2 already adds the Foundry suite for escrow state transitions)
• No deregisterAgent implementation

Test plan

• forge build clean
• forge test unchanged (no logic touched)
• ABI diff vs main: empty
• Solidity compiler version unchanged

Closes nothing on its own — pairs naturally with #1 (parse_wei case fix) and #2 (Foundry suite) as part of the contracts-quality sweep.