feat: add address poisoning detection to PhishingController

[AugmentedMode]

Explanation

This PR adds address poisoning detection to @metamask/phishing-controller by:

• Introducing a findSimilarAddresses utility that compares a candidate address against known recipients using prefix/suffix matching heuristics
• Exposing a new PhishingController:checkAddressPoisoning messenger action that clients can call to check if a recipient address looks like a poisoning attempt
• Hydrating and maintaining a set of known recipient addresses from:
  • Confirmed transactions via TransactionController state
  • Address book entries via AddressBookController state
• Subscribing to state changes on both controllers to keep the known recipients set up to date
• Returning match metadata (prefix/suffix match lengths, poisoning score, diff indices) so consumers can make informed decisions about how to warn users

References

• Related to address poisoning attack vector (learn more)

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Medium Risk
Adds new public messenger action and background state hydration/subscriptions to TransactionController and AddressBookController, which could affect runtime behavior and performance if recipient tracking or matching is incorrect. Logic is additive and guarded, but touches controller wiring and event handling.

Overview
Adds address-poisoning detection to @metamask/phishing-controller by introducing findSimilarAddresses and a new PhishingController:checkAddressPoisoning action that returns similarity metadata (prefix/suffix lengths, score, diff indices).

PhishingController now hydrates and maintains an in-memory set of known recipient addresses sourced from confirmed transactions and address-book entries, updating this set on both controllers’ stateChange events (with error isolation so token scanning still proceeds). Tests and types/exports are updated accordingly, and @metamask/address-book-controller is added as a dependency.

^{Written by Cursor Bugbot for commit c210787. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}