feat: Bridge quotestream token warning events

[infiniteflower]

Explanation

The bridge-api SSE quote stream (getQuoteStream) now emits token_warning events alongside quote events. These warnings come from Blockaid security scanning of the destination token and contain information like whether a token is a honeypot or has unstable pricing.

Previously, fetchBridgeQuoteStream ignored the SSE event: name and attempted to validate every message as a quote response. This meant token_warning events were silently dropped (or caused spurious validation failures).

This PR:

• Adds event routing in fetchBridgeQuoteStream — only quote events go through quote validation, token_warning events are validated separately via a new superstruct schema and routed to a dedicated handler, and all other event types are skipped.
• Adds a tokenWarnings: TokenFeature[] field to BridgeControllerState, populated from the SSE stream and cleared on reset / new quote fetch.
• Renames onValidationFailure to onQuoteValidationFailure and #trackResponseValidationFailures to #trackQuoteValidationFailures for clarity now that there are multiple event types.
• Exports TokenFeature type and TokenFeatureType enum for use by clients.

References

https://consensyssoftware.atlassian.net/browse/SWAPS-4226

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Medium Risk
Medium risk: changes SSE stream message routing and BridgeController state shape, which could affect quote streaming behavior and downstream consumers expecting previous handler names/state fields.

Overview
Adds support for token_warning events in the bridge-api quote SSE stream by routing SSE messages by event type, validating warnings with a new TokenFeature schema, and exposing them via a new tokenWarnings field on BridgeControllerState (reset on new requests and resetState, and de-duplicated by feature_id).

Renames the stream callback onValidationFailure to onQuoteValidationFailure (and corresponding internal tracker) to clarify metrics for quote-validation failures, and exports TokenFeature/TokenFeatureType plus a new selectTokenWarnings selector. Tests/snapshots are updated and extended with SSE warning stream fixtures and dedup/reset coverage.

^{Written by Cursor Bugbot for commit 37d8983. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}