Add PermissionedDomain to LoanBroker

[Tapanito]

High Level Overview of Change

Introduces access control for the Lending Protocol via Permissioned Domains. A LoanBroker can be configured as private at creation time, restricting loan issuance to Borrowers with valid credentials.

Changes:

• Add DomainID field and lsfLoanBrokerPrivate flag to the LoanBroker ledger entry
• Add tfLoanBrokerPrivate transaction flag to LoanBrokerSet
• Add failure conditions for credential validation on LoanSet
• Add Access Control section (3.1.13) documenting the feature behavior
• Add invariants for the private flag and domain relationship
• The domain can be changed or cleared after creation; the private flag is immutable
• Credential checks do not apply to LoanPay, Borrowers can always repay

Context of Change

Type of Change

• New XLS Draft
• XLS Update (changes to an existing XLS)
• XLS Status Change (e.g., Draft → Final, Draft → Stagnant)
• Process/Meta (changes to CONTRIBUTING.md, XLS-1, templates, etc.)
• Infrastructure (CI, workflows, scripts, website)
• Documentation (README updates, typo fixes)

[ximinez]

All my concerns have been addressed.

[a1q123456]

do we allow the case where LoanBroker.lsfLoanBrokerPrivate flag is not set, and domainID is provided as zero?

[Tapanito]

Good question! I think if LoanBroker.lsfLoanBrokerPrivate flag is not set, and DomainID is provided in any form, the TX should fail with tecNO_PERMISSION. What do you think?

[a1q123456]

Makes sense! Thanks for clarifying!