Provide Basic Cap9 Functionality in the SRML Contracts Module

[Latrasis]

~For #196, we need to setup, in kernel-ewasm/substrate/ (this can be moved later if necessary):~

• ~A basic srml module - Ink?~
• ~A basic test harness~
• ~Scripts for:~
  • ~Running a test~
  • ~Installing Substrate (Optional)~

The cap9 implementation is currently part of the srml contracts module, which is where it will be implemented for now.

• [x] Store a capability list with each contract, this will be its "intrinsic capabilities". All new contracts that are instantiated normally will have the full set of capabilities.
• [x] Provide a mechanism for a contract to relinquish some of its intrinsic capabilities, thereby becoming more restricted.
• [x] Implement some form of delegate call so that we can get other contracts (i.e. procedures) to perform actions on our storage.
• [x] Implement call_with_caps which is a form of delegate call that allows the caller to provide the set of capabilities it wishes, thereby restricting the possible actions of the callee. When no capabilities are passed this is equivalent to static call, when the full set is passed this is equivalent to a delegate call.
• [x] Implement subset checking so that a contract can only pass on the same capabilities it already possess or less.
• [ ] Expand capabilities to be more than just booleans (e.g. the write capability should specify a range of keys that can be written to).

A note on "intrinsic capabilities". Each contract has a set of intrinsic capabilities. Upon a regular instantiation a contract has the full set of capabilities, but they will be able to relinquish some of these. When a user calls into this contract directly, they will not be able to do any more than the contract already allows. This effectively means that a contract can lock itself out of parts of its own storage.

When it calls another contract in turn, it can only pass on capabilities that it already has. When a contract is being called by another contract, its intrinsic capabilities are irrelevant.

[JakeOShannessy]

The test harness is currently in the form of "deploy-flipper" and deploys some very raw contracts for testing. As we add opcodes we can test them here.

[JakeOShannessy]

Downgrading of intrinsic capabilities and subset checking is now implemented.

[JakeOShannessy]

I've also updated the README with more information about how all these things work together. One current property that is slightly inelegant is that there is intrinsic capabilities, which describe what a contract can do by default, and contextual capabilities, which are the capabilities the contract has been called with. We probably don't want these two different things so in future it would be wise to plan out a more formal system.

[Latrasis]

Linking the changes from substrate-daohub: https://github.com/paritytech/substrate/compare/master...Daohub-io:daohub

[Latrasis]

Closing with #201