Improve Global E-Stop

[guyfleeman]

We've got much better error detection and handling at the stspin layer and can detect missing PCBs, but the way we handle this info is missing or blunt. Notable examples are a system power reset when comms time out, and no detection/correction for faulted motors. We should have a global estop manager that aggregates failures and contains some of access control list type of thing where major functions are enabled or disabled based on the aggregate of current errors (e.g. dribbler fault should not stop motion, a single motor failure should arguable not stop motion but restrict it, two motor failures should certainly stop motion, specific failures should automatically trigger kicker auto discharge).

We should consider at least the following list or errors:

• dribbler failures
• single motor failure
• multiple motor failure
• unplugged radio
• comms timeout
• unplugged IMU
• IMU failed self test
• unplugged kicker
• low battery voltage
• critical battery voltage

We should consider the following classes of actions:

• forcing reduced motor velocity
• forcing 0 motor velocity
• forcing power off / lower power state
• forcing kicker discharge procedure

[joe-spall]

IMU inopt, battery too low, and robot tipper over -> should dribbler + drive motor velocity goes to zero. These should be in controller robot state for global access. We should make LEDs blink based on the error case for diagnosing.

Want some hysteresis when the errors clear (wait 1 second etc)