Description
Background
While we planned to add this feature in #1205, as observed in #1270 (comment), we seem to have missed this part in the implementation.
Currently, we only check that respond calls emerge from the signer account of an MPC node. However, this account may have access keys outside of the TEE controlled by the operators - thus enabling them to make calls to the respond method (and any other methods they should not have access to).
We should add a mechanism to ensure the respond calls originate from the MPC nodes themselves.
User Story
As a node operator I don't want access to dangerous calls.
Acceptance Criteria
We've restricted the respond method of the MPC contract so that it's possible to set up a node in a TEE without granting the operator access to calling this method.
Resources & Additional Notes
No response
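The gap described in the Background, as an added example that is not part of the original issue or the project's code: a stand-alone model comparing an account-only check with one that also binds the call to a key registered for the node. The `Call` and `Contract` types, the account name, the key strings, and the choice of key binding as the mechanism are all assumptions made for illustration; the issue does not specify which mechanism will be used.

```rust
use std::collections::{HashMap, HashSet};

/// Constructed model of a call's signing context (hypothetical type).
struct Call<'a> {
    signer_account: &'a str, // account that signed the transaction
    signer_key: &'a str,     // specific access key used to sign it
}

/// Hypothetical stand-in for the contract's authorization state.
struct Contract {
    participants: HashSet<String>,      // signer accounts of MPC nodes
    node_keys: HashMap<String, String>, // account -> key assumed to live only inside the TEE
}

impl Contract {
    /// The check the issue describes as current: signer account only.
    /// Any access key on the account passes, including operator-held ones.
    fn respond_account_only(&self, call: &Call) -> bool {
        self.participants.contains(call.signer_account)
    }

    /// One possible restriction (assumption): also require the signing key
    /// to be the one registered for that node.
    fn respond_key_bound(&self, call: &Call) -> bool {
        self.participants.contains(call.signer_account)
            && self.node_keys.get(call.signer_account).map(String::as_str)
                == Some(call.signer_key)
    }
}

/// Constructed sample state: one node account with one registered key.
fn sample_contract() -> Contract {
    let mut c = Contract { participants: HashSet::new(), node_keys: HashMap::new() };
    c.participants.insert("node0.example".to_string());
    c.node_keys.insert("node0.example".to_string(), "ed25519:TEE_KEY_PLACEHOLDER".to_string());
    c
}

fn main() {
    let c = sample_contract();
    // Same account, two different access keys (both constructed placeholders).
    let node = Call { signer_account: "node0.example", signer_key: "ed25519:TEE_KEY_PLACEHOLDER" };
    let operator = Call { signer_account: "node0.example", signer_key: "ed25519:OPERATOR_KEY_PLACEHOLDER" };
    for (who, call) in [("node", &node), ("operator", &operator)] {
        println!("{who}: account-only={} key-bound={}",
            c.respond_account_only(call), c.respond_key_bound(call));
    }
}
```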