Critical changes should use two-step procedure

[code423n4]

Handle

WatchPug

Vulnerability details

It's a best practice to use a two step process for changes of critical settings like setGovernance().

Lack of two-step procedure for critical operations leaves them error-prone.

[GalloDaSballo]

Agree with finding, agree with severity