how to limit excess authority when registering a storage node

[0xpatrickdev]

What is the Problem Being Solved?

In a permit for a core-eval, a contract can request access to chainStorage like this:

{
  "consume": {
    "chainStorage": true
  }
}

This grants excess authority and the ability to overwrite other storage nodes.

first observed as a potential SDK improvement in #8194 (comment) - @raphdev

Description of the Design

A similar approach to this suggestion, where chainStorage is limited to particular path(s):

{
  "consume": {
    "chainStorage": {
      "myNode": true
    }
  }
}

Security Considerations

The goal of this ticket is to limit excess authority granted around chainStorage during the core-eval process.

Scaling Considerations

Test Plan

Upgrade Considerations

[raphdev]

Worth noting this was first observed as a potential SDK improvement in #8194 (comment)

[dckc]

We have a prototype in Agoric/dapp-offer-up@0c894f6

I don't think that one (Agoric/dapp-offer-up#61 ) has landed, but the one in dapp-agoric-basics has:

• feat: deploy-contract tooling; e2e testing support dapp-agoric-basics#16

cc @Jovonni