chore: remove hardcoded NFT chain allowlist from NftDetectionController (#8180)

## Explanation

### Summary

As part of the NFT provider migration plan, this PR removes the
hardcoded `supportedNftDetectionNetworks` allowlist from
`NftDetectionController` and delegates chain support validation to the
server instead.

> **Deployment dependency:** This PR depends on backend changes deployed
to production in
[`va-mmcx-nft-api#221`](consensys-vertical-apps/va-mmcx-nft-api#221).
**Do not merge this PR until those backend changes are live in
production.** The server must return an empty array (instead of an
error) for unsupported chains before the client-side chain gating can be
safely removed.

### Changes

- **Remove `supportedNftDetectionNetworks`**: Drops the static
`Set<Hex>` that previously allowed only 8 specific chains (Mainnet, BSC,
Polygon, Avalanche, Linea, Base, Sei, Monad) through NFT detection.
Detection now passes all provided chain IDs directly to the API.
- **Remove chain filtering in `detectNfts`**: The pre-API filter that
dropped unsupported chains before calling `#getOwnerNfts` has been
removed. `chainIds` is now passed through unmodified, allowing the
server to decide what to return.
- **Add non-EVM guard in `#getOwnerNfts`**: Chains that convert to
decimal `'0'` (non-EVM/invalid chains) are filtered out before making
the API call, and if all chains are non-EVM, the method returns `{
tokens: [], continuation: null }` early — avoiding a pointless API
round-trip.
- **Fix `continuation` type**: Updated `ReservoirResponse.continuation`
from `string | undefined` to `string | null` to match the updated server
response shape.

### Motivation

Keeping a hardcoded chain allowlist in the Core package tightly coupled
backend and frontend release cycles — adding support for a new chain
required coordinated changes in both places simultaneously. The backend
change in
[`va-mmcx-nft-api#221`](consensys-vertical-apps/va-mmcx-nft-api#221)
updates the NFT API to return `[]` instead of an error for unsupported
chains. With that in place, the Core package no longer needs to know
which chains are supported, enabling each side to evolve independently
going forward.

### Testing

- All existing `NftDetectionController` tests should continue to pass.
- Verify that NFT detection on previously unsupported chains gracefully
returns no results rather than throwing.
- Verify that non-EVM chains short-circuit before hitting the API.

### Merge checklist

- [ ]
[`va-mmcx-nft-api#221`](consensys-vertical-apps/va-mmcx-nft-api#221)
is merged and deployed to production
- [ ] NFT detection verified end-to-end against production API on at
least one previously unsupported chain

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

## References
https://consensyssoftware.atlassian.net/browse/ASSETS-2899
<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes NFT auto-detection behavior by delegating chain support to the
backend and altering pagination typing; incorrect backend behavior or
unexpected chain IDs could impact NFT detection results.
> 
> **Overview**
> **NFT detection no longer hardcodes a supported-chain allowlist.**
`NftDetectionController.detectNfts` now passes all provided `chainIds`
through to the NFT API instead of filtering to a fixed set of EVM
chains, relying on the server to return empty results for unsupported
networks.
> 
> **Non-EVM guardrails and response typing were updated.**
`#getOwnerNfts` filters out chain IDs that convert to decimal `0` and
returns an empty `{ tokens: [], continuation: null }` without making an
API call when only non-EVM chains are provided, and
`ReservoirResponse.continuation` is widened to `string | null` to match
the API shape.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
33e9745. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: juanmigdr

packages/assets-controllers/CHANGELOG.md

@@ -43,6 +43,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **BREAKING:** Standardize names of `AccountTrackerController` messenger action types ([#8164](https://github.com/MetaMask/core/pull/8164))
   - All existing types for messenger actions have been renamed so they include `Controller` (e.g. `AccountTrackerUpdateNativeBalancesAction` -> `AccountTrackerControllerUpdateNativeBalancesAction`). You will need to update imports appropriately.
   - This change only affects the types. The action type strings themselves have not changed, so you do not need to update the list of actions you pass when initializing `AccountTrackerController` messengers.
+- Remove hardcoded `supportedNftDetectionNetworks` chain allowlist from `NftDetectionController`; the NFT API now returns an empty array for unsupported chains instead of an error, so chain gating is no longer needed in the client ([#8180](https://github.com/MetaMask/core/pull/8180))
+- `NftDetectionController` now skips the NFT API call entirely when all provided chain IDs are non-EVM (decimal `0`), returning an empty result immediately ([#8180](https://github.com/MetaMask/core/pull/8180))
+- Update `ReservoirResponse.continuation` type from `string` to `string | null` to match the NFT API response shape ([#8180](https://github.com/MetaMask/core/pull/8180))
 
 ### Fixed
 

packages/assets-controllers/src/NftDetectionController.ts

@@ -63,20 +63,6 @@ export type NftDetectionControllerMessenger = Messenger<
   AllowedEvents
 >;
 
-/**
- * Set of supported networks for NFT detection.
- */
-const supportedNftDetectionNetworks: Set<Hex> = new Set([
-  '0x1', // Mainnet
-  '0x38', // BSC
-  '0x89', // Polygon
-  '0xa86a', // Avalanche
-  '0xe708', // Linea Mainnet
-  '0x2105', // Base
-  '0x531', // Sei
-  '0x8f', // Monad
-]);
-
 /**
  * @type ApiNft
  *
@@ -188,7 +174,7 @@ export type ApiNftCreator = {
 
 export type ReservoirResponse = {
   tokens: TokensResponse[];
-  continuation?: string;
+  continuation?: string | null;
 };
 
 export type TokensResponse = {
@@ -540,8 +526,21 @@ export class NftDetectionController extends BaseController<
     const convertedChainIds = chainIds.map((chainId) =>
       convertHexToDecimal(chainId).toString(),
     );
+
+    const filteredChainIds = convertedChainIds.filter(
+      (chainId) => chainId !== '0',
+    );
+
+    // Avoid making the API call for non-EVM chains
+    if (filteredChainIds.length === 0) {
+      return {
+        tokens: [],
+        continuation: null,
+      };
+    }
+
     const url = this.#getOwnerNftApi({
-      chainIds: convertedChainIds,
+      chainIds: filteredChainIds,
       address,
       next: cursor,
     });
@@ -575,12 +574,8 @@ export class NftDetectionController extends BaseController<
       options?.userAddress ??
       this.messenger.call('AccountsController:getSelectedAccount').address;
 
-    // filter out unsupported chainIds
-    const supportedChainIds = chainIds.filter((chainId) =>
-      supportedNftDetectionNetworks.has(chainId),
-    );
     /* istanbul ignore if */
-    if (supportedChainIds.length === 0 || this.#disabled) {
+    if (chainIds.length === 0 || this.#disabled) {
       return;
     }
     /* istanbul ignore else */
@@ -611,11 +606,7 @@ export class NftDetectionController extends BaseController<
     let resultNftApi: ReservoirResponse;
     try {
       do {
-        resultNftApi = await this.#getOwnerNfts(
-          userAddress,
-          supportedChainIds,
-          next,
-        );
+        resultNftApi = await this.#getOwnerNfts(userAddress, chainIds, next);
         apiNfts = resultNftApi.tokens.filter(
           (elm) =>
             elm.token.isSpam === false &&