fix: preserve shielded ops for bytes(sbytes) aliases (#248)

[drappi-ai]

Summary

Fixes #248.

bytes(sbytes_storage_ref) could lose the fact that the alias still points at shielded storage. That made the compiler emit ordinary storage ops for paths that still touch private slots, which then failed at runtime with InvalidPrivateStorageAccess.

Affected cases included:

• inline reads like return bytes(m[0]);
• storage aliases like bytes storage ref = bytes(data);
• alias reads and writes such as return ref, ref[i], ref[i] = ..., ref.push(...), and ref.pop()
• internal helpers that take or return bytes storage aliases derived from shielded storage

Fix

The compiler now preserves an internal shielded-storage marker on bytes / string storage references produced from shielded storage.

Both codegen pipelines use that marker to keep using shielded storage ops while the alias still points at shielded storage:

• storage-to-memory reads use cload
• alias writes use cstore
• indexed alias helpers preserve shielded storage ops as well

The marker is only for storage-op selection. It does not change the surface type of bytes: user-visible typing like .length stays ordinary, and deep copies into genuinely public storage stay on ordinary storage ops.

Tests

Added and expanded coverage for:

• the original inline bytes(sbytes_storage) bug
• direct storage aliases created from bytes(sbytes_storage_ref)
• alias reads and writes through locals, internal parameters, and internal return values
• chained aliases, ternary/reassignment flows, modifiers, and .length
• short and long byte arrays
• plain storage, mappings, arrays, structs, mapping-of-struct, and nested mappings