OpenClaw Telegram allowlist authorization accepted mutable usernames

Summary Telegram allowlist authorization could match on @username mutable/recyclable instead of immutable numeric sender IDs. Impact Operators who treat Telegram allowlists as strict identity controls could unintentionally grant access if a username changes hands identity rebinding/spoof risk. Th...