fix: C-01 Missing Access Control for setDestinationSettler

[bmzig]

The ERC7683OrderDepositorExternal contract contains the setDestinationSettler function which provides a mapping of chain ID to that chain's settler contract address. This value is accessed through the _destinationSettler function of the same contract and is used by the inherited ERC7683OrderDepositor contract when constructing the fill instructions inside the _resolveFor function.

The issue is that the setDestinationSettler function has no access control and can be changed to any arbitrary address by any account. Consequently, a malicious user could set the destinationSettler address to a malicious address which is used in constructing the fill instructions. The filler on the destinationChain would need to give token approvals to the destinationSettler to execute the fill call. A malicious destinationSettler would be thus able to steal funds from the filler.

Since the ERC7683OrderDepositorExternal contract already inherits the Ownable contract, consider adding the onlyOwner modifier to its setDestinationSettler function.

This applies the suggestion and adds onlyOwner to setDestinationSettler.