lang: add token account constraint that verifies a token account is "clean"

[paul-schaaf]

token::clean -> account must have: no delegate, no close authority

[paul-schaaf]

blocked by https://github.com/project-serum/anchor/issues/1222

[paul-schaaf]

maybe it would be even better to forbid delegate and close authority by default instead and then have two attributes to enable them if needed.

[armaniferrante]

Agreed. Let's force accounts to be clean and require programs to opt in to dirty.