0xSpaceShard / starknet-devnet-rs

A local testnet for Starknet... in Rust
https://0xspaceshard.github.io/starknet-devnet-rs/
MIT License

Restrictive flags needed for running Devnet in an untrusted environment #511

Open FabijanC opened 4 weeks ago

FabijanC commented 4 weeks ago

When Devnet is used e.g. as-a-service or in CTF competitions, it would be good to prevent it from being loadable or restartable via endpoints (if somebody thinks of other misuses, please mention them in this issue). Instead of having one flag to turn off each of these individual functionalities, I would introduce one that blocks them all, e.g.:

$ starknet-devnet --as-a-service

This flag would also incorporate the --disable-account-impersonation flag (perhaps one is enough?)

marioiordanov commented 2 weeks ago

I suggest the flag to be --disable-devnet-endpoints or --restrictive

marioiordanov commented 2 weeks ago

Minting has to be forbidden for CTF solvers.

FabijanC commented 2 weeks ago

> I suggest the flag to be --disable-devnet-endpoints or --restrictive

Makes sense. Once we migrate to having only JSON-RPC API, implementing this would be as simple as blocking devnet_ methods. Unless there are some that would be useful (devnet_getConfig? devnet_getAccountBalance?)

marioiordanov commented 1 week ago

Or maybe a cli argument that can accept a string of comma separated methods. It will override the default ones (declared in code).
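A sketch of the restrictive mode discussed in this thread (block every devnet_ JSON-RPC method unless it is on a comma-separated allowlist passed on the CLI), added here as an example and not code from starknet-devnet-rs; method names other than devnet_getConfig and devnet_getAccountBalance are assumed, not taken from the project.

```rust
// Added example, not starknet-devnet-rs code: a method filter for a
// hypothetical --restrictive flag with an optional comma-separated allowlist.
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
pub enum Decision {
    Serve,
    /// Answer with JSON-RPC "Method not found" (-32601), so a blocked
    /// method looks no different from one that does not exist.
    Reject { code: i64, message: &'static str },
}

pub struct RestrictiveMode {
    enabled: bool,
    allowed: HashSet<String>,
}

impl RestrictiveMode {
    /// `allowlist` is the raw CLI value, e.g. "devnet_getConfig, devnet_getAccountBalance".
    /// Entries are trimmed and empty entries ignored. Only devnet_ methods can be
    /// allowlisted; anything else is a configuration error rather than silently accepted.
    pub fn new(enabled: bool, allowlist: &str) -> Result<Self, String> {
        let mut allowed = HashSet::new();
        for entry in allowlist.split(',').map(str::trim).filter(|m| !m.is_empty()) {
            if !entry.starts_with("devnet_") {
                return Err(format!("not a devnet_ method, cannot be allowlisted: {entry}"));
            }
            allowed.insert(entry.to_string());
        }
        Ok(Self { enabled, allowed })
    }

    /// Exact, case-sensitive match, as JSON-RPC method names are case-sensitive.
    pub fn decide(&self, method: &str) -> Decision {
        if self.enabled && method.starts_with("devnet_") && !self.allowed.contains(method) {
            return Decision::Reject { code: -32601, message: "Method not found" };
        }
        Decision::Serve
    }
}

fn main() {
    // devnet_restart and devnet_mint are assumed method names for illustration.
    let mode = RestrictiveMode::new(true, "devnet_getConfig,devnet_getAccountBalance").unwrap();
    for m in ["starknet_call", "devnet_getConfig", "devnet_restart", "devnet_mint"] {
        println!("{m}: {:?}", mode.decide(m));
    }
}
```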