add LiteSVM tests for compute budget measurement

[AuroraLantean]

• add LiteSVM tests for close_challenge, close_verification_result, update_protocol_config, withdraw_treasury, migrate_admin
• add compute unit measurement in authorize_new_wallet and migrate_identity
• edit docs/compute-budget.md

[zkr99]

Solid execution on Task 7. All five estimated CU values are now real measurements (close_challenge 1767, close_verification_result 1866, update_protocol_config 4508, withdraw_treasury 7526, migrate_admin 11140), plus bonus measurements for authorize_new_wallet (15485) and migrate_identity (73669-87169) from #32. The setProgramDataAcct helper using svm.setAccount is exactly the right pattern for testing migrate_admin in LiteSVM, and adding RegistryError::ProgramDataPda for the canonical-PDA check is a nice tightening.

Covered the negative-test gap and the remaining Unauthorized distinct-errors split in Discord - those are conversation items, not blockers here. One small inline note on the migrate_admin row.

[zkr99]

Two follow-ups from your earlier Discord questions, plus a small task. Not blocking the merge:

1. Distinct errors in migrate_admin — ProgramDataPda in this PR covers L435. The 6 body sites (L119, L120, L123, L126, L134, L136) still share Unauthorized. Cleanest split:

• WrongUpgradeAuthority for L126 — the actual access-control gate, most important to distinguish
• InvalidProtocolConfig for L134, L136
• L119/L120/L123 can share ProgramDataPda (all "programdata bytes malformed")

2. Negative test for migrate_admin — your registry.migrateAdmin() test sets the signer as the upgrade authority via setProgramDataAcct, so it always passes. Add the negative case so the gate at L126 is actually exercised:

setProgramDataAcct(programdataAddr, adminKp.publicKey, adminKp.publicKey);
migrateAdmin(user1Kp, protocolConfigPda, programdataAddr,
  "Error Code: Unauthorized" // or WrongUpgradeAuthority after the split
);

Admin is the registered upgrade authority but user1 signs — require! fires.

3. Renames — yes please, go ahead. Sweep the leftover iam references in entros-anchor.ts, entros-verifier.ts, utils.ts, devnet-airdrop.sh, and LICENSE:

grep -rn "iam[_-]" --include="*.ts" --include="*.sh" --include="LICENSE"

from repo root, skip node_modules. Small focused PR to develop, can fold the two items above into it if convenient.

[zkr99]

Distinct errors split applied cleanly, negative test for migrate_admin is exactly the right shape, renames are thorough. One small bug in errors.rs to fix before merge - inline.

[zkr99]

Both #[msg] strings updated cleanly, and good catch updating the negative test's expected error string to match - without it the substring check would have broken. Ready to merge.