feat: add Etherscan label scraping and MetaMask phishing domain blocklist

- Add etherscanLabels module: scrapes Etherscan address pages for
  phishing/scam labels (Fake_Phishing*, Exploiter, scam warnings).
  Integrated as best-effort async check in addressWarnings.

- Add phishingDomains module: fetches MetaMask's eth-phishing-detect
  blocklist (~231K domains) at runtime, caches in memory, refreshes
  every 24h. Checks hostnames with subdomain matching and whitelist
  overrides.

- Integrate domain phishing checks into all approval flows:
  connection requests, transaction approvals, and signature requests
  show a prominent red warning banner when the requesting site is on
  the MetaMask blocklist.

- Add unit tests for both modules (12 tests for etherscanLabels
  parsing, 15 tests for phishingDomains matching).

Closes #114

src/shared/addressWarnings.js

@@ -4,6 +4,7 @@
 
 const { isScamAddress } = require("./scamlist");
 const { isBurnAddress } = require("./constants");
+const { checkEtherscanLabel } = require("./etherscanLabels");
 const { log } = require("./log");
 
 /**
@@ -92,6 +93,16 @@ async function getFullWarnings(address, provider, options = {}) {
         log.errorf("tx count check failed:", e.message);
     }
 
+    // Etherscan label check (best-effort async — network failures are silent).
+    try {
+        const etherscanWarning = await checkEtherscanLabel(address);
+        if (etherscanWarning) {
+            warnings.push(etherscanWarning);
+        }
+    } catch (e) {
+        log.errorf("etherscan label check failed:", e.message);
+    }
+
     return warnings;
 }