Prevent setting address(0) as the initialAdmin in AccessManager (#4570)

Co-authored-by: Francisco <fg@frang.io>

contracts/access/manager/AccessManager.sol

@@ -104,6 +104,10 @@ contract AccessManager is Context, Multicall, IAccessManager {
     }
 
     constructor(address initialAdmin) {
+        if (initialAdmin == address(0)) {
+            revert AccessManagerInvalidInitialAdmin(address(0));
+        }
+
         // admin is active immediately and without any execution delay.
         _grantGroup(ADMIN_GROUP, initialAdmin, 0, 0);
     }

contracts/access/manager/IAccessManager.sol

@@ -49,6 +49,7 @@ interface IAccessManager {
     error AccessManagerUnauthorizedAccount(address msgsender, uint64 groupId);
     error AccessManagerUnauthorizedCall(address caller, address target, bytes4 selector);
     error AccessManagerCannotCancel(address msgsender, address caller, address target, bytes4 selector);
+    error AccessManagerInvalidInitialAdmin(address initialAdmin);
 
     function canCall(
         address caller,

test/access/manager/AccessManager.test.js

@@ -1,5 +1,5 @@
 const { web3 } = require('hardhat');
-const { expectEvent, time } = require('@openzeppelin/test-helpers');
+const { constants, expectEvent, time } = require('@openzeppelin/test-helpers');
 const { expectRevertCustomError } = require('../../helpers/customError');
 const { selector } = require('../../helpers/methods');
 const { clockFromReceipt } = require('../../helpers/time');
@@ -38,6 +38,12 @@ contract('AccessManager', function (accounts) {
     await this.manager.$_grantGroup(GROUPS.SOME, member, 0, 0);
   });
 
+  it('rejects zero address for initialAdmin', async function () {
+    await expectRevertCustomError(AccessManager.new(constants.ZERO_ADDRESS), 'AccessManagerInvalidInitialAdmin', [
+      constants.ZERO_ADDRESS,
+    ]);
+  });
+
   it('default minsetback is 1 day', async function () {
     expect(await this.manager.minSetback()).to.be.bignumber.equal(MINSETBACK);
   });