impr: dev_security prod mode & dev_pot authorities federation #819

Merged
charmful0x merged 7 commits into fix/circular-delegation from impr/pot-authorities
Apr 6, 2026

@charmful0x charmful0x commented Apr 6, 2026

Federated Authorities

this PR focuses on hardening ~pot@1.0 resource auth and splits resource write authority from weight-update authority -> authority federation

new model

  • deposit/withdraw are authorized by per resource resource-authority
  • weight updates can be authorized by per resource weight-authority
  • resource config changes (resource-authority*, weight-authority*) remain pot-admin only:
    • parent
    • or mint-authority

also resource-authority and weight-authority now support the normal dev_security signer policy shape:

  • single signer
  • signer list
  • *-required
  • *-match

which results in the following dev_security usage hardening:

  • resource writers can no longer update weights
  • weight updaters can no longer rotate authorities
  • only mint-authority / parent can rotate resource config (both resources and weights)

Prod Security Mode

added a new field to the Opts dev_security_mode => prod which enables fail-closed dev_security enforcement on the pot public authority paths (verify_resource_authority, verify_weight_authority, and register)

effect:

  • missing authority policy no longer defaults open on these paths
  • empty signer lists are rejected at config time
  • explicit signer policies are required for prod resource writes, weight updates and admin config

child pot behavior:

  • fwd parent register notifications now set both:
    • resource-authority = Parent
    • weight-authority = Parent
  • so child mints explicitly trust their direct parent process for inherited resource config and writes, instead of relying on permissive defaults

@charmful0x charmful0x changed the title wip: dev_security prod mode & dev_pot authorities federation impr: dev_security prod mode & dev_pot authorities federation Apr 6, 2026
@charmful0x charmful0x merged commit 4b911f6 into fix/circular-delegation Apr 6, 2026
@charmful0x charmful0x deleted the impr/pot-authorities branch April 6, 2026 20:27
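
A simplified model of the authority split and fail-closed prod mode described in the PR comment above, added here as an illustration; it is not HyperBEAM code. The function names, the `permissive` mode label, the action names and the rule that any one listed signer suffices are assumptions, and the `*-required` / `*-match` policy shapes are left out.

```python
# Simplified model of the authority split; NOT HyperBEAM code.
# Function names, the "permissive" mode label and the rule that any one
# listed signer suffices are assumptions made for this example.
ACTION_POLICY = {
    "deposit": "resource-authority",
    "withdraw": "resource-authority",
    "update-weight": "weight-authority",
}
ADMIN_ACTIONS = {"set-resource-authority", "set-weight-authority"}


class ConfigError(ValueError):
    """Raised when a policy is rejected at config time."""


def normalize_policy(value, mode):
    """Single signer or signer list -> frozenset; missing policy -> None."""
    if value is None:
        return None
    signers = [value] if isinstance(value, str) else list(value)
    if mode == "prod" and not signers:
        raise ConfigError("empty signer list rejected in prod mode")
    return frozenset(signers)


def register(resource_cfg, mode):
    """Validate both per-resource policies when the resource is configured."""
    return {key: normalize_policy(resource_cfg.get(key), mode)
            for key in ("resource-authority", "weight-authority")}


def authorize(action, signer, resource, pot_admins, mode):
    """Decide whether `signer` may perform `action` on `resource`."""
    if action in ADMIN_ACTIONS:
        # Authority rotation stays with the pot admins (parent / mint-authority).
        return signer in pot_admins
    key = ACTION_POLICY.get(action)
    if key is None:
        return False  # unknown action: always deny
    policy = resource[key]
    if policy is None:
        # Missing policy: fail closed in prod, default open otherwise.
        return mode != "prod"
    return signer in policy
```
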