Implement ZCash address discovery #21150

Merged
merged 4 commits into from
Dec 8, 2023
@cypt4 cypt4 commented Nov 29, 2023

Resolves brave/brave-browser#33662

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@nuo-xu nuo-xu left a comment

iOS++

cypt4 commented Dec 5, 2023

needs-security-label removed since the feature is under the flag, and it will have a separate sec-review before the release.

should_resume = true;
}
}
data_ = data_.substr(pos);
Collaborator

We don't need extra pos variable.
data_ = std::string(data_view); should be enough

}

if (data_to_read_ && data.size() >= (kGrpcHeaderSize + *data_to_read_)) {
if (!ProcessMessage(data.substr(0, kGrpcHeaderSize + *data_to_read_))) {
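
Review bot: the sum `kGrpcHeaderSize + *data_to_read_`, used in both the size check and the `substr` call, has no visible upper bound or overflow guard. If `*data_to_read_` is decoded from the length prefix the server sends, a very large value keeps the reader buffering until that many bytes arrive, and with a narrow integer type the addition can wrap so that the size check passes for a short buffer. Suggest rejecting lengths above a fixed maximum as soon as the header is parsed, and writing the comparison as `data.size() - kGrpcHeaderSize >= *data_to_read_` once `data.size() >= kGrpcHeaderSize` is established.
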
Collaborator

Is header part of message?
should that be data.substr(kGrpcHeaderSize, *data_to_read_) ?

Collaborator Author

Yes it is

github-actions bot commented Dec 7, 2023

[puLL-Merge] - brave/brave-core@21150

Description

This pull request implements additional functionalities and improvements for the Zcash component within the Brave Wallet, focusing on the handling of Zcash accounts, receiving addresses, and the streamlining of transactions and discovery processes. This change aims to provide better support for Zcash operations and enhance the overall user experience while interacting with Zcash-related features in the Brave Wallet.

Changes

Here's a breakdown of the changes organized by file:

BUILD files

  • components/brave_wallet/browser/BUILD.gn
  • components/brave_wallet/browser/test/BUILD.gn
    • New files zcash_grpc_utils.cc and zcash_wallet_service_tasks.cc have been added to the appropriate source sets.

Protobuf files

  • components/brave_wallet/browser/zcash/protos/zcash_grpc_data.proto
    • New protobuf message TransparentAddressBlockFilter includes a BlockRange and address, likely used for filtering transactions by address and block range.

C++ Source files

  • components/brave_wallet/browser/brave_wallet_service.cc
    • Functions for generating receiving addresses and getting Zcash account info have been updated.
    • Added new function RunDiscovery to identify the next unused address.
  • components/brave_wallet/browser/keyring_service.cc
    • Refactoring to use mojom::ZCashAddressPtr and mojom::AccountIdPtr.
    • New functions for getting Zcash addresses and account info have been implemented.
  • components/brave_wallet/browser/zcash/zcash_grpc_utils.cc/h
    • New utility file handling gRPC message streaming.
  • components/brave_wallet/browser/zcash/zcash_keyring.cc/h
    • Updated to return a mojom::ZCashAddressPtr instead of a plain string.
  • components/brave_wallet/browser/zcash/zcash_rpc.cc/h
    • Added IsKnownAddress function to check if a given Zcash transparent address has associated transaction history.
  • components/brave_wallet/browser/zcash/zcash_wallet_service_tasks.cc/h
    • New file defining tasks related to creating Zcash transactions and discovering unused addresses.

Unit Tests

  • components/brave_wallet/browser/test/zcash/zcash_grpc_utils_unittest.cc
  • components/brave_wallet/browser/zcash/zcash_keyring_unittest.cc
    • New and updated unit tests for Zcash components.

Security Hotspots

  • Addition of new gRPC utility functions (ResolveSerializedMessage and GetPrefixedProtobuf) in zcash_grpc_utils.cc could introduce risks if input is not validated properly and buffer overflows are possible. Defensive coding and validations must be in place.
  • Modifications to keyring_service and usage of sensitive methods like SignMessageByZCashKeyring, UpdateNextUnusedAddressForBitcoinAccount, and UpdateNextUnusedAddressForZCashAccount. Proper checks should be implemented to make sure the keyring service is secure and cannot be exploited.
  • Use of URLs for making gRPC calls in zcash_rpc.cc. The URLs should be properly constructed and validated to prevent SSRF and similar attacks.
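
The first hotspot above concerns parsing length-prefixed gRPC messages from a stream. The following is an added example, not code from brave-core or from this PR, of a reader that validates the prefix before buffering. `FrameReader`, `kHeaderSize` and `kMaxMessageSize` are hypothetical names; the 5-byte prefix (1-byte compression flag, 4-byte big-endian length) is the standard gRPC framing, and the 1 MiB cap is an assumption. It hands on only the payload, without the header.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <string_view>
#include <vector>

// gRPC frame prefix: 1-byte compression flag + 4-byte big-endian length.
constexpr size_t kHeaderSize = 5;
// Assumed cap for this example; size it to the largest response expected.
constexpr uint32_t kMaxMessageSize = 1u << 20;

class FrameReader {
 public:
  // Feeds one network chunk. Returns false on a protocol violation, after
  // which the stream must be dropped. Complete payloads land in messages().
  bool OnData(std::string_view chunk) {
    if (failed_) return false;
    buffer_.append(chunk.data(), chunk.size());
    std::string_view view(buffer_);
    while (view.size() >= kHeaderSize) {
      if (view[0] != 0) return Fail();  // compressed frames unsupported here
      uint32_t len = 0;
      for (size_t i = 1; i < kHeaderSize; ++i)
        len = (len << 8) | static_cast<uint8_t>(view[i]);
      // Reject an oversized length before buffering any of its payload.
      if (len > kMaxMessageSize) return Fail();
      // Subtraction form cannot wrap: view.size() >= kHeaderSize holds here.
      if (view.size() - kHeaderSize < len) break;  // wait for more data
      messages_.emplace_back(view.substr(kHeaderSize, len));
      view.remove_prefix(kHeaderSize + len);
    }
    buffer_ = std::string(view);  // keep only the unparsed tail
    return true;
  }
  const std::vector<std::string>& messages() const { return messages_; }
  size_t buffered() const { return buffer_.size(); }

 private:
  bool Fail() {
    failed_ = true;
    buffer_.clear();
    return false;
  }
  std::string buffer_;
  std::vector<std::string> messages_;
  bool failed_ = false;
};
```
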

@fmarier fmarier removed their assignment Dec 7, 2023
@cypt4 cypt4 merged commit f1f1352 into master Dec 8, 2023
18 checks passed
@cypt4 cypt4 deleted the brave_33662_1 branch December 8, 2023 12:15
@github-actions github-actions bot added this to the 1.63.x - Nightly milestone Dec 8, 2023
namespace brave_wallet {

class GetTransparentUtxosContext
: public base::RefCountedThreadSafe<GetTransparentUtxosContext> {
Collaborator

why are these RefCountedThreadSafe? Use of ref-counting should be limited to cases where something is truly shared and also this class does not appear to be thread safe
https://www.chromium.org/developers/coding-style/important-abstractions-and-data-structures/#scoped_refptrt-baserefcounted-baserefcountedthreadsafe

}

void DiscoverNextUnusedZCashAddressTask::WorkOnTask() {
if (!callback_) {
Collaborator

if this is passed an empty callback it will leak
