Governance: TokenOwnerRecord locks

[SebastianBor]

Summary

Make it possible to control governance token withdrawals by external authority. The main use case is to support chained governance plugins where a middle chain plugin can decide whether tokens held by another plugin can be withdrawn. This requirement exists for the Clans plugin which allows members to join clans to aggregate their voting power and vote as a single entity. When members join a clan then they can't withdraw their tokens which would be held by another plugin.

There are potentially over use cases where more advanced token locking scenarios could be implemented. For example a DAO could issue a grant or distribute rewards in exchange for a longer token lockup or a DAO could decide proposal creators should have their tokens locked for a longer time then the duration of the proposal.

The time based locking mechanism can also replace the current unrelinquished_votes_count base mechanism to lock voters tokens during vote on active proposals. Once this is implemented it won't be necessary to manually relinquish votes for each proposal to allow withdrawals, which is currently a source of pain for users.

Implementation

Instructions SetTokenOwnerRecordLock and RelinquishTokenOwnerRecordLocks where added to allow setting and removing permanent and time based locks for TokenOwnerRecords

The authorities which are allowed to control the locks are stored in GoverningTokenConfig separately for each governing token. In order to facilitate setup of the authorities a new instruction was added SetRealmConfigItem.
The new instruction is an improvement over SetRealmConfig and allows to set one config item at a time. It makes it easier to reason about the changes made by the instruction because there is no need for configuration diff and the change is still visible in a proposal after executing it while the diff based change is lost. It also makes it safer by preventing accidental changes to the configuration by using invalid diff logic. All Realm and Governance config changes should eventually be supported by the single item logic.

The implementation is backward compatible and the relevant accounts RealmConfig and TokenOwnerRecord are translated and/or extended if necessary to a new size to accommodate the additional data.

This change makes the payer account mandatory for SetRealmConfig. It was treated in the api as mandatory before but the code was fetching it conditionally which is no longer the case.

[joncinque]

Looks great for the most part! Just one part to address, and a few nits

[joncinque]

Looks great!

Pull request has been modified.

[joncinque]

Just one little nit, but it can be addressed in a follow-up. Looks good!

Pull request has been modified.