Fix RIP-200 hmac import scope #6670

Open
Thanhdn1984 wants to merge 1 commit into Scottcjn:main from Thanhdn1984:fix-rip200-hmac-import

Conversation

@Thanhdn1984
Contributor

Summary

  • move hmac import to module scope in node/rewards_implementation_rip200.py
  • keeps compare_digest available for all registered RIP-200 routes instead of only the settle handler

Test

  • python3 -m compileall -q node/rewards_implementation_rip200.py

Fixes #6668

Bounty/miner id: keon0711

Thanhdn1984 requested a review from Scottcjn as a code owner May 31, 2026 05:32
@github-actions
Contributor

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

  • Non-doc PRs have a BCOS-L1 or BCOS-L2 label
  • Doc-only PRs are exempt from BCOS tier labels when they only touch docs/**, *.md, or common image/PDF files
  • New code files include an SPDX license header
  • You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

github-actions bot added the labels BCOS-L1 (Beacon Certified Open Source tier BCOS-L1, required for non-doc PRs), node (Node server related), size/XS (PR: 1-10 lines) May 31, 2026

@MolhamHamwi left a comment
Contributor

Reviewed node/rewards_implementation_rip200.py in PR #6670.

Two specific observations:

  • Moving import hmac to module scope is safe here because settle_rewards() is the only current consumer (hmac.compare_digest(...)), and the module already imports other stdlib dependencies at top level. That keeps privileged endpoint auth code from depending on an inline import inside the route handler.
  • I checked the updated head with py_compile; the file still compiles after the import-scope change, so the patch does not introduce a syntax/import-order regression in this module.

Why I liked it: this is a minimal, low-risk cleanup around a security-sensitive constant-time comparison path rather than a broad refactor.

I received RTC compensation for this review.
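
The scoping behaviour this pull request is about, as an added example that is not part of the thread or the project's code: an `import` inside one function binds the name only in that function, so a sibling handler that calls `hmac.compare_digest` fails at call time, while a byte-compile check passes either way. The handler names `settle` and `distribute`, their arguments, and the key are constructed for illustration.

```python
# Constructed stand-ins for the module before and after the change.
# Handler names and arguments are hypothetical, not the project's code.
BEFORE = '''
def settle(provided, expected):
    import hmac  # binds hmac only in the local scope of settle()
    return hmac.compare_digest(provided, expected)

def distribute(provided, expected):
    return hmac.compare_digest(provided, expected)  # hmac not in scope
'''

AFTER = '''
import hmac  # module scope: visible to every handler in the module

def settle(provided, expected):
    return hmac.compare_digest(provided, expected)

def distribute(provided, expected):
    return hmac.compare_digest(provided, expected)
'''


def compiles(source):
    """Byte-compile only, like compileall/py_compile; names are not resolved."""
    try:
        compile(source, "<constructed_module>", "exec")
        return True
    except SyntaxError:
        return False


def call(source, handler, provided, expected):
    """Load source as its own namespace, call one handler, report the outcome."""
    namespace = {}
    exec(compile(source, "<constructed_module>", "exec"), namespace)
    try:
        return "ok" if namespace[handler](provided, expected) else "denied"
    except NameError:
        return "NameError"


if __name__ == "__main__":
    key = "constructed-admin-key"  # constructed sample value
    for label, src in (("before", BEFORE), ("after", AFTER)):
        print(label, "compiles:", compiles(src))
        for handler in ("settle", "distribute"):
            print(" ", handler, "->", call(src, handler, key, key))
```

Because the failure only appears when the affected handler runs, a regression test for this class of bug has to call each authenticated route rather than compile the file.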

Development

Successfully merging this pull request may close these issues.

[BUG] RIP-200 admin reward endpoints crash because hmac is only imported inside settle route