
Hardening: validate owners and data lengths in native admin handlers#2110

Open
RedaRahmani wants to merge 1 commit into drift-labs:master from RedaRahmani:hardening/native-fastpath-account-checks

Conversation

@RedaRahmani

Summary of Changes

This PR adds guard rails around the two “native fast-path” admin handlers in admin.rs.
These handlers skip Anchor account validation and write directly into accounts[0].data using fixed byte offsets. That’s fast, but it also means a bad account (wrong owner, wrong sysvar, too-short data, etc.) can lead to unsafe indexing/slicing or accidental writes.

What changed

  • Before touching any bytes, we now:
    • verify we received enough accounts
    • verify the accounts we mutate are owned by the Drift program
    • verify the Clock sysvar account is actually the Clock sysvar
    • verify account data is large enough for the offsets we read/write
    • verify instruction payload length before parsing fields

Instead of crashing on bad inputs, the handlers now return standard ProgramErrors (safe failure).

Tests

  • Added small unit tests that call the native handlers directly and confirm we reject:
    • non-Drift-owned market/state accounts
    • non-Clock sysvar passed in the clock slot
    • market/state accounts with insufficient data length
    • empty/short instruction payload (spread adjustment)

Notes

No protocol logic or offsets were changed; this is defense-in-depth only (safer validation + predictable errors).
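The five pre-checks listed under "What changed", and the rejection cases listed under "Tests", as one added example. This is illustration code written for this page, not the PR's diff or Drift's `admin.rs`: `Pubkey`, `AccountView` and `ProgramError` are local stand-ins for `solana_program`'s `Pubkey`, `AccountInfo` and `ProgramError` so the block runs without external crates (the variant names mirror the real `ProgramError` ones), and the program id, Clock sysvar id, account order, byte offsets and minimum lengths are constructed placeholders rather than the protocol's real layout.

```rust
// Added example (not Drift's code): structural checks a raw "fast-path"
// admin handler should run before slicing accounts[0].data at fixed offsets.
// Types here are local stand-ins for solana_program's Pubkey, AccountInfo
// and ProgramError; ids, offsets and lengths are constructed placeholders.

pub type Pubkey = [u8; 32];

/// Constructed ids: a real program compares against its own program id and
/// solana_program::sysvar::clock::ID.
pub const PROGRAM_ID: Pubkey = [0xD1; 32];
pub const CLOCK_SYSVAR_ID: Pubkey = [0xC1; 32];

/// Hypothetical layout: a u64 spread field at byte 40 of the market account,
/// and a state account that must be at least 64 bytes long.
pub const SPREAD_OFFSET: usize = 40;
pub const SPREAD_LEN: usize = 8;
pub const STATE_MIN_LEN: usize = 64;
/// Accounts expected in order: [market, state, clock sysvar].
pub const EXPECTED_ACCOUNTS: usize = 3;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ProgramError {
    NotEnoughAccountKeys,
    IncorrectProgramId,
    InvalidArgument,
    AccountDataTooSmall,
    InvalidInstructionData,
}

/// Simplified stand-in for AccountInfo: key, owner and a mutable data buffer.
#[derive(Debug, Clone)]
pub struct AccountView {
    pub key: Pubkey,
    pub owner: Pubkey,
    pub data: Vec<u8>,
}

fn require_owner(acct: &AccountView, owner: &Pubkey) -> Result<(), ProgramError> {
    if &acct.owner != owner {
        return Err(ProgramError::IncorrectProgramId);
    }
    Ok(())
}

fn require_len(acct: &AccountView, min_len: usize) -> Result<(), ProgramError> {
    if acct.data.len() < min_len {
        return Err(ProgramError::AccountDataTooSmall);
    }
    Ok(())
}

/// Checks 1-4: run before any byte of account data is read or written.
pub fn validate_accounts(accounts: &[AccountView]) -> Result<(), ProgramError> {
    // 1. enough accounts to index safely
    if accounts.len() < EXPECTED_ACCOUNTS {
        return Err(ProgramError::NotEnoughAccountKeys);
    }
    let (market, state, clock) = (&accounts[0], &accounts[1], &accounts[2]);
    // 2. only write into accounts this program owns
    require_owner(market, &PROGRAM_ID)?;
    require_owner(state, &PROGRAM_ID)?;
    // 3. the "clock" slot must really be the Clock sysvar
    if clock.key != CLOCK_SYSVAR_ID {
        return Err(ProgramError::InvalidArgument);
    }
    // 4. every slice we take must fit; checked_add guards the arithmetic itself
    let spread_end = SPREAD_OFFSET
        .checked_add(SPREAD_LEN)
        .ok_or(ProgramError::InvalidArgument)?;
    require_len(market, spread_end)?;
    require_len(state, STATE_MIN_LEN)?;
    Ok(())
}

/// Check 5: payload length is verified before any field is parsed.
pub fn parse_spread(payload: &[u8]) -> Result<u64, ProgramError> {
    let bytes: [u8; SPREAD_LEN] = payload
        .get(..SPREAD_LEN)
        .and_then(|s| s.try_into().ok())
        .ok_or(ProgramError::InvalidInstructionData)?;
    Ok(u64::from_le_bytes(bytes))
}

/// Fast-path spread adjustment: validate, parse, then write at the fixed offset.
pub fn adjust_spread(accounts: &mut [AccountView], payload: &[u8]) -> Result<u64, ProgramError> {
    validate_accounts(accounts)?;
    let spread = parse_spread(payload)?;
    accounts[0].data[SPREAD_OFFSET..SPREAD_OFFSET + SPREAD_LEN]
        .copy_from_slice(&spread.to_le_bytes());
    Ok(spread)
}

/// Constructed well-formed inputs; tests mutate one field at a time to hit each check.
pub fn sample_accounts() -> Vec<AccountView> {
    vec![
        AccountView { key: [1; 32], owner: PROGRAM_ID, data: vec![0; 128] },
        AccountView { key: [2; 32], owner: PROGRAM_ID, data: vec![0; STATE_MIN_LEN] },
        AccountView { key: CLOCK_SYSVAR_ID, owner: [0; 32], data: vec![0; 40] },
    ]
}
```

The ordering matters: the account-count check precedes any indexing, the owner and sysvar checks precede any length reasoning, and the payload is parsed only after the accounts are known to be safe to write, so a malformed call returns a `ProgramError` at the first failing check and never reaches the slice.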
