feat: replay attack prevention using watermarks

[krpeacock]

Description

Several reports have been received about an issue affecting how immediately a response from an update call can be used. One example is the following scenario:

an update call is made to create a new resource (e.g. a social media post)

the application navigates to a page that displays the resource (e.g. the post itself)

the application requests the resource by executing a query call and using the resource id

the query hits a replica whos state has not yet been updated

a 404 is returned

the problem is, the resource does exist, it just so happens that 1/3 of replicas may not necessarily be up to date at the same moment the other 2/3’s are

Fixes # SDK-1332

How Has This Been Tested?

New unit and end to end tests, introducing a replay attack test in e2e/node/basic/watermark.test.ts

Checklist:

• My changes follow the guidelines in CONTRIBUTING.md.
• The title of this PR complies with Conventional Commits.
• I have edited the CHANGELOG accordingly.
• I have made corresponding changes to the documentation.

[github-actions]

size-limit report 📦

Path	Size
@dfinity/agent	101.81 KB (+0.7% 🔺)
@dfinity/candid	13.61 KB (0%)
@dfinity/principal	5.04 KB (0%)
@dfinity/auth-client	92.57 KB (+0.8% 🔺)
@dfinity/assets	93.43 KB (+0.61% 🔺)
@dfinity/identity	89.96 KB (+0.91% 🔺)
@dfinity/identity-secp256k1	281.19 KB (+0.31% 🔺)

[chmllr]

Thanks so much Kyle! Please announce the release with this fix on Taggr, I'll give a ⭐️! 😅

[dfx-json]

does this mean that no logs will be printed during test execution?

[krpeacock]

Yes, it's to clean up the console by default when running the tests. However, the logs aren't lost and you can access them as needed