refactor StakeManager to support AccessControl

src/StakeManager.sol

@@ -79,7 +79,7 @@ contract StakeManager is
     address public guardian;
 
     modifier onlyAdminOrGuardian() {
-        if (msg.sender != guardian && msg.sender != owner()) {
+        if (msg.sender != guardian && !hasRole(DEFAULT_ADMIN_ROLE, msg.sender)) {
             revert StakeManager__Unauthorized();
         }
         _;
@@ -141,11 +141,11 @@ contract StakeManager is
      * @dev The supplier is going to be the `Karma` token.
      * @param _rewardsSupplier The address of the rewards supplier.
      */
-    function setRewardsSupplier(address _rewardsSupplier) external onlyOwner onlyNotEmergencyMode {
+    function setRewardsSupplier(address _rewardsSupplier) external onlyRole(DEFAULT_ADMIN_ROLE) onlyNotEmergencyMode {
         rewardsSupplier = _rewardsSupplier;
     }
 
-    function setGuardian(address _guardian) external onlyOwner onlyNotEmergencyMode {
+    function setGuardian(address _guardian) external onlyRole(DEFAULT_ADMIN_ROLE) onlyNotEmergencyMode {
         guardian = _guardian;
     }
 
@@ -589,7 +589,9 @@ contract StakeManager is
      * @dev This function is only callable by the owner.
      */
     function _authorizeUpgrade(address) internal view override {
-        _checkOwner();
+        if (!hasRole(DEFAULT_ADMIN_ROLE, msg.sender)) {
+            revert StakeManager__Unauthorized();
+        }
     }
 
     /*//////////////////////////////////////////////////////////////////////////

src/TrustedCodehashAccess.sol

@@ -3,6 +3,7 @@ pragma solidity 0.8.26;
 
 import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
 import { ITrustedCodehashAccess } from "./interfaces/ITrustedCodehashAccess.sol";
+import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
 
 /**
  * @title TrustedCodehashAccess
@@ -11,7 +12,7 @@ import { ITrustedCodehashAccess } from "./interfaces/ITrustedCodehashAccess.sol"
  *         interact with the functions using the `onlyTrustedCodehash` modifier.
  * @dev This contract is used to restrict access to functions based on the codehash of the caller.
  */
-abstract contract TrustedCodehashAccess is ITrustedCodehashAccess, OwnableUpgradeable {
+abstract contract TrustedCodehashAccess is ITrustedCodehashAccess, AccessControlUpgradeable {
     /// @notice Whidelisted codehashes.
     mapping(bytes32 codehash => bool permission) private trustedCodehashes;
     /// @notice Gap for upgrade safety.
@@ -36,7 +37,7 @@ abstract contract TrustedCodehashAccess is ITrustedCodehashAccess, OwnableUpgrad
      * @param _initialOwner The address of the owner.
      */
     function __TrustedCodehashAccess_init(address _initialOwner) public onlyInitializing {
-        _transferOwnership(_initialOwner);
+        _setupRole(DEFAULT_ADMIN_ROLE, _initialOwner);
     }
 
     /**
@@ -45,7 +46,7 @@ abstract contract TrustedCodehashAccess is ITrustedCodehashAccess, OwnableUpgrad
      * @param _codehash The bytecode hash of the contract.
      * @param _trusted Boolean flag to designate the contract as trusted or not.
      */
-    function setTrustedCodehash(bytes32 _codehash, bool _trusted) external onlyOwner {
+    function setTrustedCodehash(bytes32 _codehash, bool _trusted) external onlyRole(DEFAULT_ADMIN_ROLE) {
         trustedCodehashes[_codehash] = _trusted;
         emit TrustedCodehashUpdated(_codehash, _trusted);
     }

test/mocks/StackOverflowStakeManager.sol

@@ -71,7 +71,9 @@ contract StackOverflowStakeManager is UUPSUpgradeable, IStakeManager, TrustedCod
     }
 
     function _authorizeUpgrade(address) internal view override {
-        _checkOwner();
+        if (!hasRole(DEFAULT_ADMIN_ROLE, msg.sender)) {
+            revert StakeManager__Unauthorized();
+        }
     }
 
     function getAccount(address _account) external view returns (Account memory) {