feat: Validate amount with signer key authorizations

[hstove]

This PR implements some of the changes discussed in #4424.

• Closes Add validation for STX amount in signer key authorizations #4422
• Closes Add signer-key to *-increase pox events #4417

The primary change is the addition of two fields to signer key authorization messages, which are validated either via a signature or a previously stored authorization. These fields are max-amount and auth-id. max-amount reflects the maximum amount of STX that can be used in that specific stacking action. The auth-id field is used to prevent replay attacks, which would allow a stacker to go beyond max-amount over multiple transactions.

Note that stack-extend doesn't verify the amount field in the authorization, because there are no additional STX added. In that function, the primary purpose of the authorization is around the number of reward cycles being extended.

stack-increase is also changed. It now includes the signer-key, along with the signature and related fields. Along with the same signature / authorization verifications that other stacking functions have, this function also checks to ensure that the signer-key parameter matches the signer-key for each updated cycle. This means that you cannot call stack-increase if you've called stack-extend with a different signer key.

In pox-4 there is also a new map, used-signer-key-authorizations, which tracks whether a (signer-key, pox-addr, reward-cycle, period, topic, max-amount, auth-id) tuple has been used.

[codecov]

Codecov Report

Attention: Patch coverage is 96.74064% with 47 lines in your changes are missing coverage. Please review.

Project coverage is 83.20%. Comparing base (bf5a833) to head (c9d8f8d).

Additional details and impacted files

@@            Coverage Diff             @@
##             next    #4461      +/-   ##
==========================================
+ Coverage   83.17%   83.20%   +0.02%     
==========================================
  Files         451      451              
  Lines      324497   325724    +1227     
  Branches      318      323       +5     
==========================================
+ Hits       269908   271015    +1107     
- Misses      54581    54701     +120     
  Partials        8        8              

Files	Coverage Δ
stacks-signer/src/main.rs	36.02% <100.00%> (+3.75%)	⬆️
...kslib/src/chainstate/nakamoto/coordinator/tests.rs	99.78% <100.00%> (+<0.01%)	⬆️
stackslib/src/chainstate/stacks/boot/mod.rs	94.76% <100.00%> (+0.03%)	⬆️
...tackslib/src/chainstate/stacks/boot/pox_4_tests.rs	99.67% <100.00%> (+0.13%)	⬆️
stackslib/src/net/tests/mod.rs	96.71% <100.00%> (+0.01%)	⬆️
...net/stacks-node/src/tests/nakamoto_integrations.rs	95.10% <100.00%> (+0.03%)	⬆️
stackslib/src/util_lib/signed_structured_data.rs	97.86% <98.41%> (+0.07%)	⬆️
stacks-signer/src/cli.rs	33.07% <0.00%> (-0.53%)	⬇️
stackslib/src/chainstate/stacks/boot/pox-4.clar	4.19% <0.00%> (-0.16%)	⬇️

... and 24 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bf5a833...c9d8f8d. Read the comment docs.

[hstove]

@kantai I just re-requested review after pushing some documentation improvements

[jferrant]

Nice! :D extensive testing is great.

[setzeus]

This is some great work here @hstove, good job on the thorough tests in pox_4_tests. Couldn't see anything in pox-4 or related works that called my attention.

LGTM.

[zone117x]

If it's not too much of a hassle, could you add signer key to the pox4 increase synthetic event? If that's a pain we can do in a later PR

[hstove]

@zone117x good call and I should have caught that earlier. Let's get this merged and I made a new ticket: #4490