endojs / endo

Endo is a distributed secure JavaScript sandbox, based on SES
Apache License 2.0

Inconsistently, heap exo object state can store non-Passables. #1648

Open erights opened 1 year ago

erights commented 1 year ago

I noticed while reviewing https://github.com/Agoric/agoric-sdk/pull/7891 and thinking about zone.isStorable.

The premise of isStorable should be that if a value is storable for a given zone, then it can also be used as a value in mapStores made by that zone, and be held in exo instance state variables. The current implementation of heap mapStores in @agoric/store does successfully enforce that it only stores Passable values. However, the heap exo class maker and class kit maker do not check that the values of the state variables are Passable. Thus

Further, while heap mapStores understand and enforce keyShape and valueShape, heap exos silently ignore stateShape. This again makes refactoring from, for example, heap to virtual more surprising for exos than for mapStores.
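
The inconsistency described in this issue, shown with self-contained toy code (an added example, not part of the original comment and not Endo's or @agoric/store's code). `isPassableLike`, `makeToyMapStore`, `makeUncheckedState`, `makeCheckedState` and `outcome` are hypothetical names, and plain predicate functions stand in for real stateShape patterns.

```javascript
'use strict';
// Stand-in for Endo's Passable check (assumption: the real passStyleOf also
// accepts remotables, promises, errors and more). Frozen plain data only.
const isPassableLike = v => {
  if (v === null || typeof v !== 'object') return typeof v !== 'function';
  if (!Object.isFrozen(v)) return false;
  const proto = Object.getPrototypeOf(v);
  if (proto !== Object.prototype && proto !== Array.prototype) return false;
  return Object.values(v).every(isPassableLike);
};

// Toy heap mapStore: rejects non-passable values, as the issue says heap mapStores do.
const makeToyMapStore = () => {
  const entries = new Map();
  return {
    init(key, value) {
      if (!isPassableLike(value)) throw TypeError(`${key}: not passable`);
      entries.set(key, value);
    },
    get: key => entries.get(key),
  };
};

// Toy heap exo state as the issue describes it: no Passable check, stateShape ignored.
const makeUncheckedState = (init, _stateShape) => ({ ...init });

// Toy checked state: every initial value and later assignment must be passable
// and satisfy its stateShape entry (predicates stand in for real patterns).
const makeCheckedState = (init, stateShape) => {
  const state = {};
  for (const [name, first] of Object.entries(init)) {
    const check = value => {
      if (!isPassableLike(value)) throw TypeError(`${name}: not passable`);
      if (stateShape && !(name in stateShape && stateShape[name](value))) {
        throw TypeError(`${name}: does not match stateShape`);
      }
      return value;
    };
    let current = check(first);
    Object.defineProperty(state, name, {
      enumerable: true,
      get: () => current,
      set: next => { current = check(next); },
    });
  }
  return Object.freeze(state);
};

// Returns 'ok' or the error message, so the outcomes can be compared side by side.
const outcome = fn => { try { fn(); return 'ok'; } catch (e) { return e.message; } };
```

With the unchecked state, a value such as a `Map` instance is accepted silently and would only fail once the same exo is moved to a zone that enforces the checks; the checked variant fails at the same point a mapStore would.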

mhofman commented 1 month ago

First stab at this in https://github.com/Agoric/agoric-sdk/pull/10170