fix(security): harden account-key handling against prototype pollution

src/channels/plugins/config-writes.ts

@@ -1,4 +1,5 @@
 import type { OpenClawConfig } from "../../config/config.js";
+import { resolveAccountEntry } from "../../routing/account-lookup.js";
 import { normalizeAccountId } from "../../routing/session-key.js";
 import type { ChannelId } from "./types.js";
 
@@ -8,16 +9,7 @@ type ChannelConfigWithAccounts = {
 };
 
 function resolveAccountConfig(accounts: ChannelConfigWithAccounts["accounts"], accountId: string) {
-  if (!accounts || typeof accounts !== "object") {
-    return undefined;
-  }
-  if (accountId in accounts) {
-    return accounts[accountId];
-  }
-  const matchKey = Object.keys(accounts).find(
-    (key) => key.toLowerCase() === accountId.toLowerCase(),
-  );
-  return matchKey ? accounts[matchKey] : undefined;
+  return resolveAccountEntry(accounts, accountId);
 }
 
 export function resolveChannelConfigWrites(params: {