feat: add deploy and rebuild on missing library dependencies #274

Conversation

@aon aon commented Feb 27, 2024

What 💻

  • Adds the feature to detect missing library dependencies on build
  • Adds the feature to deploy missing library dependencies and rebuild project

The flow for detecting and deploying missing library dependencies is the following:

  1. Developer attempts to build the project with zkforge zkbuild.
  2. Compilation fails due to missing library dependencies.
  3. Developer is prompted to deploy libraries first. Information of missing library dependencies is saved to a temporary file in the project.
  4. User runs zkforge zkcreate --deploy-missing-libraries --private-key <PRIVATE_KEY> --rpc-url <RPC_URL> --chain
  5. Libraries are built and deployed following the necessary order to avoid having missing library dependencies, e.g.:
    a. Contract Counter depends on library Math which itself depends on library FixedPoint.
    b. Zkforge detects this dependency tree, and starts by building and deploying FixedPoint.
    c. After FixedPoint has been deployed, Math library is built and deployed linking the address of the deployed FixedPoint library.
    d. Finally, the foundry.toml configuration file is updated with the deployed addresses of the libraries
  6. Project is built with the linked dependencies.

Why ✋

Evidence 📷
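The dependency-ordered deployment in step 5, as an added illustration that is not part of this PR's code: it takes a report shaped like the zksolc missing-library error quoted further down this thread (the field names are borrowed from that output; the struct, `lib_id` and `deployment_order` names are assumptions) and returns the order in which libraries must be deployed so each one is linked only against already-deployed addresses, refusing dependency cycles and libraries that are neither deployable nor already configured.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Shape of one entry in the compiler's missing-library report
// (constructed for this example, not the project's own type).
#[derive(Debug, Clone)]
pub struct MissingLibrary {
    pub contract_name: String,
    pub contract_path: String,
    pub missing_libraries: Vec<String>, // "path:Name" ids this library links against
}

pub fn lib_id(path: &str, name: &str) -> String {
    format!("{path}:{name}")
}

// Depth-first post-order over the dependency graph: a library is appended only after
// everything it links against. `known` holds ids already configured in foundry.toml,
// which need no redeploy. Cycles and unknown ids are reported instead of looping.
pub fn deployment_order(report: &[MissingLibrary], known: &BTreeSet<String>) -> Result<Vec<String>, String> {
    let deps: BTreeMap<String, &[String]> = report
        .iter()
        .map(|l| (lib_id(&l.contract_path, &l.contract_name), l.missing_libraries.as_slice()))
        .collect();
    fn visit(id: &str, deps: &BTreeMap<String, &[String]>, known: &BTreeSet<String>,
             path: &mut Vec<String>, order: &mut Vec<String>) -> Result<(), String> {
        if known.contains(id) || order.iter().any(|o| o == id) {
            return Ok(()); // already deployed or already configured
        }
        if path.iter().any(|p| p == id) {
            return Err(format!("dependency cycle: {} -> {id}", path.join(" -> ")));
        }
        let needs = deps.get(id).ok_or_else(|| format!("{id} is needed but is neither deployable nor configured"))?;
        path.push(id.to_string());
        for dep in needs.iter() {
            visit(dep, deps, known, path, order)?;
        }
        path.pop();
        order.push(id.to_string());
        Ok(())
    }
    let mut order = Vec::new();
    for id in deps.keys() {
        visit(id, &deps, known, &mut Vec::new(), &mut order)?;
    }
    Ok(order)
}
```

For the Counter example in step 5 the result is `["src/FixedPoint.sol:FixedPoint", "src/Math.sol:Math"]`, i.e. FixedPoint is deployed first and Math is linked against it.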

Collaborator

@dutterbutter dutterbutter left a comment

Can we do the following:

  • Can we update so that when this is hit:
Error:
Failed to compile smart contracts with zksolc: Missing libraries detected [ZkMissingLibrary { contract_name: "Maths", contract_path: "src/Maths.sol", missing_libraries: [] }]

We also inform the user to run the command:
zkforge zkcreate --deploy-missing-libraries --private-key <PRIVATE_KEY> --rpc-url <RPC_URL> --chain

  • Can we also update the README.md to reflect the new flow.

Other than that it worked as described! LGTM

@dutterbutter
Collaborator

@aon do you know which lib is triggering the cargo deny?

@aon
Author

aon commented Mar 8, 2024

Yes, the libraries are snow and libgit2

error[vulnerability]: Unauthenticated Nonce Increment in snow
    ┌─ /github/workspace/Cargo.lock:843:1
    │
843 │ snow 0.9.4 registry+https://github.com/rust-lang/crates.io-index
    │ ---------------------------------------------------------------- security vulnerability detected
    │
    = ID: RUSTSEC-2024-0011
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0011
    = There was a logic bug where unauthenticated payloads could still cause a nonce
      increment in snow's internal state. For an attacker with privileges to inject
      packets into the channel over which the Noise session operates, this could
      allow a denial-of-service attack which could prevent message delivery by
      sending garbage data.
      
      Note that this only affects those who are using the stateful TransportState,
      not those using StatelessTransportState.
      
      This has been patched in version 0.9.5, and all users are recommended to
      update.
    = Announcement: https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3
    = Solution: Upgrade to >=0.9.5 (try `cargo update -p snow`)
    = snow v0.9.4
      └── zksync_consensus_network v0.1.0
          ├── zksync_consensus_bft v0.1.0
          │   ├── zksync_consensus_executor v0.1.0
          │   │   └── zksync_core v0.1.0
          │   │       └── era_test_node v0.1.0-alpha.14
          │   │           ├── era_cheatcodes v0.2.0
          │   │           │   └── foundry-evm v0.2.0
          │   │           │       ├── anvil v0.2.0
          │   │           │       │   ├── (dev) forge v0.2.0
          │   │           │       │   │   └── zkforge v0.2.0
          │   │           │       │   └── (dev) zkforge v0.2.0 (*)
          │   │           │       ├── anvil-core v0.2.0
          │   │           │       │   ├── anvil v0.2.0 (*)
          │   │           │       │   └── (dev) anvil-core v0.2.0 (*)
          │   │           │       ├── cast v0.2.0
          │   │           │       │   └── zkcast v0.2.0
          │   │           │       │       └── zkforge v0.2.0 (*)
          │   │           │       ├── chisel v0.2.0
          │   │           │       ├── forge v0.2.0 (*)
          │   │           │       ├── foundry-cli v0.2.0
          │   │           │       │   ├── cast v0.2.0 (*)
          │   │           │       │   ├── chisel v0.2.0 (*)
          │   │           │       │   ├── forge v0.2.0 (*)
          │   │           │       │   ├── zkcast v0.2.0 (*)
          │   │           │       │   └── zkforge v0.2.0 (*)
          │   │           │       ├── zkcast v0.2.0 (*)
          │   │           │       └── zkforge v0.2.0 (*)
          │   │           └── foundry-evm-core v0.2.0
          │   │               ├── era_cheatcodes v0.2.0 (*)
          │   │               ├── foundry-cheatcodes v0.2.0
          │   │               │   ├── era_cheatcodes v0.2.0 (*)
          │   │               │   └── foundry-evm v0.2.0 (*)
          │   │               ├── foundry-debugger v0.2.0
          │   │               │   ├── forge v0.2.0 (*)
          │   │               │   ├── foundry-cli v0.2.0 (*)
          │   │               │   └── zkforge v0.2.0 (*)
          │   │               ├── foundry-evm v0.2.0 (*)
          │   │               ├── foundry-evm-coverage v0.2.0
          │   │               │   ├── foundry-evm v0.2.0 (*)
          │   │               │   └── foundry-evm-fuzz v0.2.0
          │   │               │       └── foundry-evm v0.2.0 (*)
          │   │               ├── foundry-evm-fuzz v0.2.0 (*)
          │   │               └── foundry-evm-traces v0.2.0
          │   │                   ├── foundry-debugger v0.2.0 (*)
          │   │                   ├── foundry-evm v0.2.0 (*)
          │   │                   └── foundry-evm-fuzz v0.2.0 (*)
          │   └── zksync_core v0.1.0 (*)
          ├── zksync_consensus_executor v0.1.0 (*)
          └── zksync_consensus_sync_blocks v0.1.0
              └── zksync_consensus_executor v0.1.0 (*)
error[vulnerability]: Memory corruption, denial of service, and arbitrary code execution in libgit2
    ┌─ /github/workspace/Cargo.lock:499:1
    │
499 │ libgit2-sys 0.16.1+1.7.1 registry+https://github.com/rust-lang/crates.io-index
    │ ------------------------------------------------------------------------------ security vulnerability detected
    │
    = ID: RUSTSEC-2024-0013
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0013
    = The [libgit2](https://github.com/libgit2/libgit2/) project fixed three security issues in the 1.7.2 release. These issues are:
      
      * The `git_revparse_single` function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the `git2` crate via the [`Repository::revparse_single`](https://docs.rs/git2/latest/git2/struct.Repository.html#method.revparse_single) method.
      * The `git_index_add` function may cause heap corruption and possibly lead to arbitrary code execution. This function is exposed in the `git2` crate via the [`Index::add`](https://docs.rs/git2/latest/git2/struct.Index.html#method.add) method.
      * The smart transport negotiation may experience an out-of-bounds read when a remote server did not advertise capabilities.
      
      The `libgit2-sys` crate bundles libgit2, or optionally links to a system libgit2 library. In either case, versions of the libgit2 library less than 1.7.2 are vulnerable. The 0.16.2 release of `libgit2-sys` bundles the fixed version of 1.7.2, and requires a system libgit2 version of at least 1.7.2.
      
      It is recommended that all users upgrade.
    = Announcement: https://github.com/rust-lang/git2-rs/pull/1017
    = Solution: Upgrade to >=0.16.2 (try `cargo update -p libgit2-sys`)
    = libgit2-sys v0.16.1+1.7.1
      └── git2 v0.18.1
          └── vergen v8.2.5
              ├── (build) anvil v0.2.0
              │   ├── (dev) forge v0.2.0
              │   │   └── zkforge v0.2.0
              │   └── (dev) zkforge v0.2.0 (*)
              ├── (build) cast v0.2.0
              │   └── zkcast v0.2.0
              │       └── zkforge v0.2.0 (*)
              ├── (build) chisel v0.2.0
              ├── (build) forge v0.2.0 (*)
              ├── (build) zkcast v0.2.0 (*)
              └── (build) zkforge v0.2.0 (*)

@aon
Author

aon commented Mar 8, 2024

I'm working on the proposed changes, will push the changes in a minute

@dutterbutter
Collaborator

dutterbutter commented Mar 8, 2024

@aon The snow lib is okay as it's a part of zksync-era upstream so we can exclude it from cargo deny. However, I am not sure where libgit2-sys is coming from? I don't see it in Foundry upstream or zksync-era? It does request to upgrade to >=0.16.2?

@aon
Author

aon commented Mar 8, 2024

@dutterbutter Done! I updated failing packages and now cargo deny is passing.

@aon aon merged commit 17f0e08 into main Mar 8, 2024
11 checks passed
@aon aon deleted the aon-fix-compiler-fails-to-respect-configuration-for-non-inlinable-libraries-deployment branch March 8, 2024 18:45
Successfully merging this pull request may close these issues.

Compiler Fails to Respect Configuration for Non-Inlinable Libraries Deployment