fix(clob): sweep only unreserved native excess #140

Draft: rndrntwrk wants to merge 1 commit into main from security/goldclob-sweep-excess-only

@rndrntwrk (Collaborator)

Summary

Fixes the GoldClob custody issue found during the contract audit.

Before this patch, sweepETH() transferred the entire native balance to treasury. GoldClob uses that same balance for resting-order escrow, matched position collateral, cancellation refunds, and unresolved winner payouts, so the sweep path could drain user funds even though the storage liabilities remained active.

This patch adds native reserve accounting and limits sweepETH() to unreserved excess only.

Security Impact

  • Resting order collateral increments reservedNative.
  • Matched taker collateral increments reservedNative.
  • Order cancellation and resting-order reclaim release only the refunded reserve.
  • Resolved winner claims release the full winning-share liability, including market-maker fee.
  • Cancelled market claims release the refunded stake liability.
  • sweepETH() can only transfer address(this).balance - reservedNative.

Verification

  • Red-path regression was confirmed before the fix: all new testSweep* tests failed against the vulnerable whole-balance sweep.
  • env FOUNDRY_LIBS='["../../node_modules","lib"]' forge test --match-path test/GoldClobSettlement.t.sol --match-test 'testSweep' -> 3 passed, 0 failed
  • env FOUNDRY_LIBS='["../../node_modules","lib"]' forge test --match-path test/GoldClobSettlement.t.sol -> 8 passed, 0 failed
  • env FOUNDRY_LIBS='["../../node_modules","lib"]' forge test --match-path test/GoldClobStress.t.sol -> 10 passed, 0 failed
  • env FOUNDRY_LIBS='["../../node_modules","lib"]' forge test --match-path test/fuzz/GoldClobFuzz.t.sol -> 4 passed, 0 failed
  • git diff --check -> pass

Staging Policy

This PR targets main and is intentionally draft while review is pending. The same patch will be replayed into enoomian/staging for staging deployment and testing, but this effective PR remains open as the merge vehicle.
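
The reserve-accounting pattern described in the PR, reduced to a minimal sketch. This is an added example, not the GoldClob contract or code from this PR: only `reservedNative`, `sweepETH` and `treasury` are names taken from the description, and the contract name, `deposit`, `withdraw`, `escrowOf` and `sweepable` are hypothetical stand-ins for the order, cancel and claim paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: NOT the GoldClob contract.
contract ReservedSweepSketch {
    address public immutable treasury;
    uint256 public reservedNative;               // wei still owed to users
    mapping(address => uint256) public escrowOf; // hypothetical per-user escrow

    error NothingToSweep();
    error TransferFailed();

    constructor(address treasury_) {
        treasury = treasury_;
    }

    // Plain transfers are not a liability, so they count as sweepable excess.
    receive() external payable {}

    // Stand-in for posting collateral: every wei taken in escrow is reserved.
    function deposit() external payable {
        escrowOf[msg.sender] += msg.value;
        reservedNative += msg.value;
    }

    // Stand-in for cancel/claim: release exactly the amount being paid out,
    // and update state before the external call.
    function withdraw(uint256 amount) external {
        escrowOf[msg.sender] -= amount; // reverts if the caller is owed less
        reservedNative -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok) revert TransferFailed();
    }

    // Excess is the balance above recorded liabilities, never below zero.
    function sweepable() public view returns (uint256) {
        uint256 bal = address(this).balance;
        return bal > reservedNative ? bal - reservedNative : 0;
    }

    // The vulnerable variant would send address(this).balance here instead.
    function sweepETH() external {
        uint256 excess = sweepable();
        if (excess == 0) revert NothingToSweep();
        (bool ok, ) = treasury.call{value: excess}("");
        if (!ok) revert TransferFailed();
    }
}
```

A regression test for this pattern deposits escrow, sends unreserved wei, calls `sweepETH()`, and then checks that `address(this).balance >= reservedNative` still holds and that `withdraw` succeeds for the full escrowed amount.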
