Extended permissions for module accounts

[colin-axner]

Extended permissions to allow ModuleAccounts to take in multiple permissions
addresses #4652

• Targeted PR against correct branch (see CONTRIBUTING.md)

• Linked to github-issue with discussion and accepted design OR link to spec that describes this work.

• Wrote tests

• Updated relevant documentation (docs/)

• Added a relevant changelog entry: clog add [section] [stanza] [message]

• rereviewed Files changed in the github PR explorer

---

For Admin Use:

• Added appropriate labels to PR (ex. wip, ready-for-review, docs)
• Reviewers Assigned
• Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

[codecov]

Codecov Report

Merging #4679 into master will increase coverage by 0.1%.
The diff coverage is 85.03%.

@@            Coverage Diff            @@
##           master    #4679     +/-   ##
=========================================
+ Coverage   54.05%   54.16%   +0.1%     
=========================================
  Files         271      271             
  Lines       17281    17341     +60     
=========================================
+ Hits         9342     9392     +50     
- Misses       7257     7266      +9     
- Partials      682      683      +1

[fedekunze]

Idk if we want to add the option to register new types of permissions cc: @alexanderbez ?

[alexanderbez]

Looks good @colin-axner -- I left some initial feedback ☕️

[alexanderbez]

Idk if we want to add the option to register new types of permissions cc: @alexanderbez ?

Probably for another PR @fedekunze -- we need to think further on what that model/logic looks like.

[colin-axner]

So I updated supply to have two validate permission functions. One does basic syntax validation (we could add stricter checks but rn just checks permission isn't an empty string), the other is in Keeper and checks that the permission is contained in the mapping of allowed permissions for that module account. Not sure if we want sorted permissions in permAddrs but probably should be separate pr if we do.

Permissions can be added removed from a ModuleAccount but not from a PermAddr. I could add Register/Deregister (Add/Remove) functions for PermAddr but wanted to leave out for now.

In short, upon initialization of Keeper all module accounts and possible permissions must be specified. k.ValidatePermissions verifies that a module account only has its allowed permissions, but I'm not sure how to enforce usage of this function

[alexanderbez]

ACK pending CI and merge conflict fixes 👍

[fedekunze]

LGTM. Only minor changes suggested.

We will need to update Gaia and the migration PR once this is merged