[FINAL] feat: [EXC-1676] add allowed viewers variant to canister's log visibility

[maksymar]

This PR adds allowed_viewers variant to canister's log_visibility which allows to fetch logs by specified number of principals.

[mraszyk]

One more point from the Interface spec meeting: should the canister itself be allowed to fetch the logs implicitly, just like it can fetch the canister status even if the canister does not control itself?

[dsarlis]

One more point from the Interface spec meeting: should the canister itself be allowed to fetch the logs implicitly, just like it can fetch the canister status even if the canister does not control itself?

As long as we don't allow fetch_canister_logs through composite queries then the canister cannot really fetch the logs. Or you mean that the canister would make an HTTPS outcall to fetch the logs? I doubt that would be particularly useful to anyone.

[mraszyk]

Or you mean that the canister would make an HTTPS outcall to fetch the logs?

That won't work implicitly anyway as the HTTPS outcall would have a self-authenticating caller that would need to be whitelisted explicitly.

[mraszyk]

@dfx-json The PR looks good to me, but the feature is still disabled in production so I haven't approved yet.