Intro Host resource to enhance contract account security & add test suite

[sisyphusSmiling]

It was realized when reviewing a similar pattern that publishing unrestricted AuthAccount Capabilities introduces enough risk to be considered an anti-pattern.

This PR introduces changes to the (formerly named ContractUpdater) StagedContractUpdates contract that allow contract-hosting accounts to wrap their AuthAccount Capabilities in a Host resource before publishing to the account that will store the Updater resource defining their full update deployment. This restricts the access on the underlying account to the contract update API and nothing else from the time of transfer onward and is significantly safer than passing a full AuthAccount Capability.

Also introduced in this PR is a Cadence test suite as well as a testing workflow action on pull request and merge to main.

[codecov-commenter]

Welcome to Codecov 🎉

Once merged to your default branch, Codecov will compare your coverage reports and display the results in this comment.

Thanks for integrating Codecov - We've got you covered ☂️

[sisyphusSmiling]

Note this was renamed to StagedContractUpdates.cdc, but I think the GitHub UI is confused and is reflecting as a delete + new file. There are likely a number of other instances where renaming + changes cause this mixup in the UI - sorry for any confusion!

[joshuahannan]

It would be good to make sure each transaction has a comment at the top describing what it does

[joshuahannan]

Do we need to validate the blockUpdateBoundary?

[joshuahannan]

I guess we don't know when cadence 1.0 will be released yet, so we can't really choose a block yet

[sisyphusSmiling]

Yeah, that's my thought. I figured we would pass that value on deployment once the boundary is known. The coordinator can also update the value as long as the updated value is advanced.

[sisyphusSmiling]

Thanks for approving @joshuahannan, I'll update transactions missing comments shortly.