Escrow contract allows to withdraw all the tokens directly without using the escrow contract code

[dfstio]

If you will add the following code to the end of the Escrow Contract example:

console.log("Jackie withdraws all remaining in escrow contract tokens directly without using escrow contract.")
const directWithdrawTx = await Mina.transaction({
  sender: jackie,
  fee,
}, async () => {
  await token.transfer(escrowContract.publicKey, jackie, new UInt64(1e9))
})
await directWithdrawTx.prove()
directWithdrawTx.sign([jackie.key, escrowContract.privateKey])
const directWithdrawTxResult = await directWithdrawTx.send().then((v) => v.wait())
equal(directWithdrawTxResult.status, "included")

const escrowBalanceAfterDirectWithdraw = (await token.getBalanceOf(escrowContract.publicKey)).toBigInt()
console.log("Escrow balance after direct withdraw:", escrowBalanceAfterDirectWithdraw/1_000_000_000n)
equal(escrowBalanceAfterDirectWithdraw, BigInt(0e9))

It runs, and Jackie gets all the tokens of the Escrow Contract without even using the Escrow Contract code:

Jackie withdraws all remaining in escrow contract tokens directly without using escrow contract.
Escrow balance after direct withdraw: 0n

The problem is that the Escrow Contract verification key is installed to the account {publicKey: escrowContract.publicKey}

const escrow = new TokenEscrow(escrowContract.publicKey)

while the tokens are being transferred to another account: {publicKey: escrowContract.publicKey, tokenId} that Escrow Contract does not affect at all.

Also a couple of minor comments:
https://github.com/MinaFoundation/mina-fungible-token/blob/main/examples/escrow.eg.ts#L43
total.greaterThanOrEqual(amount) gives the Bool result that is not being checked

https://github.com/MinaFoundation/mina-fungible-token/blob/main/examples/escrow.eg.ts#L200

const escrowBalanceAfterWithdraw = (await token.getBalanceOf(escrowContract.publicKey)).toBigInt()
console.log("Escrow balance after deposit:", escrowBalanceAfterDeposit2)
equal(escrowBalanceAfterWithdraw, BigInt(1e9))

prints a wrong value (escrowBalanceAfterDeposit2 instead of escrowBalanceAfterWithdraw)

[dfstio]

It was made right in the first commit for this repo:

mina-fungible-token/packages/token/src/token.test.ts

Line 174 in 528fe44

thirdPartyTokenHolder = new TokenHolder(zkAppAddress, token.token.id);

          thirdPartyTokenHolder = new TokenHolder(zkAppAddress, token.token.id);

          const tx = await Mina.transaction(deployerAccount, () => {
            // pay for deployment of 'thirdPartyTokenHolder'
            // token account by deployerAccount
            AccountUpdate.createSigned(deployerAccount).balance.subInPlace(
              Mina.accountCreationFee()
            );

            thirdPartyTokenHolder.deploy();
            token.approveAccountUpdate(thirdPartyTokenHolder.self);
          });

[dfstio]

I've added PR #104 following the discussion on discord:
https://discord.com/channels/484437221055922177/1275190503570280602