Add secondary key permissions check in transfer_funds

[HenriqueNogara]

changelog

other

Add secondary key permissions check in transfer_funds

[Copilot]

Pull request overview

This PR strengthens settlement::transfer_funds authorization by ensuring that when the source is a portfolio, secondary keys must also have explicit portfolio permissions (in addition to custody checks). This aligns transfer_funds with existing portfolio permission enforcement patterns used elsewhere in the runtime.

Changes:

• Extend PortfolioFnTrait to support an AccountId-parameterized secondary-key permission check via ensure_portfolio_custody_and_permission.
• Update pallet_settlement::transfer_funds authorization to call the new custody+permission check for portfolio sources.
• Add a runtime test covering rejection of portfolio transfers initiated by a secondary key without portfolio permissions.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
primitives/src/traits.rs	Extends the portfolio custody trait to include secondary-key portfolio permission checks.
pallets/settlement/src/lib.rs	Enforces portfolio secondary-key permission checks during transfer_funds authorization.
pallets/runtime/tests/src/settlement_pallet/transfer_funds.rs	Adds regression test ensuring unauthorized secondary keys cannot transfer from portfolios.
pallets/portfolio/src/lib.rs	Implements the updated PortfolioFnTrait (now generic over AccountId) and forwards to existing pallet logic.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.