Audit findings batch 1 (Chris): info/gas/low fixes

[amiecorso]

Summary

Addresses audit findings 2–7 (informational, gas optimization, and low severity).

Findings

• 2 (Info): Fix stale repo reference in PublicERC6492Validator NatSpec — pointed to spend-permissions instead of account-policies
• 3 (Gas): Remove redundant idempotency check in replaceWithSignature — the same check already exists in _replace, so the storage reads and conditional in the caller were wasted
• 4 (Gas): Pass pre-loaded storage pointers to _uninstallForReplace and _installForReplace — avoids redundant keccak256 slot computations, SLOADs, and a getPolicyId recomputation
• 5 (Info): Hoist policyRecordByBinding.uninstalled = true above the installed branch in binding-mode _uninstall — set unconditionally since both branches wrote it
• 6 (Low): Move whenNotPaused from _onExecute modifier to function body, after the empty-executionData early return — aligns installWithSignature behavior with install (both now succeed while paused)
• 7 (Low, no-op): Document stale-state risks on setPolicyManager — preserves the migration use case but warns admins about install-state assumptions a new manager must uphold

Testing

All 288 tests pass. No new test files; one existing test updated to reflect finding #6 behavior change.