Extract hs-ucan from fission-core

[matheus23]

This is work on #561

To do this, some dependencies on fission-specific UCAN stuff had to be broken up. The main point here being the definition of Fact and the resource type Scope Resource. (In hindsight I think Scope actually still belongs to hs-ucan, but now I've already done it this way, and we'll have to change these parts of the code when supporting the new UCAN version anyway.)

That means that we can't directly run JWT.check and know how to check delegation validity in UCANs. So I've abstracted that logic out into a ResourceSemantics class:

class ResourceSemantics rsc where
  canDelegate :: rsc -> rsc -> Bool

(Which is structurally equivalent to something like a PartialOrder typeclass, but I like giving it a dedicated name.)

There are still some parts that need work.

1. [x] I need to still get the tests compiling (and then working?)
2. [x] I don't 100% like how the fission-core and hs-ucan packages separated. E.g. I don't think Error.AlreadyExists should be a hs-ucan module.
3. [x] Generally I'll need to look through hs-ucan's .Internal modules again, making sure that we really only have modules in there that make sense
4. [x] I think I want to introduce a Web.JWT module, which reexports Web.JWT.Types. My current thinking is: Let's introduce that file once we have something to put into it.
5. [x] I don't like how fission-core's newtype around the hs-ucan JWT works. Either both newtype JWT and newtype Proof or both are type aliases. But if I didn't type-alias Proof, I'd be taking non-newtyped proofs out of JWTs and just re-newtype them. I'm thinking that this might get obsolete when I start working on hs-ucan anyway. I have some recursion-schemes thoughts.
6. [x] I really don't like the module name Web.JWT.* for the hs-ucan stuff. I'd love some input. Maybe Web.Ucan.*?
7. [x] Oh yeah and I need to figure out a better way to do the Proof.Resolver class, which now has 3 type parameters instead of one.

And a final TODO item unrelated to hs-ucan or fission-core:

• [x] Get all other packages & tests compiling again

[matheus23]

Don't you like it when your TODO list grows while you're chasing TODO items? :P

• [x] Re-rename everything to use uppercase UCAN instead of Ucan
• [x] Abstract over Web.Ucan.Potency
• [x] Rename ResourceSemantics to DelegationSemantics
• [x] Split out tests in fission-core (abstract over fission-specific Facts, Resources, Potencys) & move them to hs-ucan

[matheus23]

It seemed like the cachix/install-nix-action@v13 was broken. I upgraded it to v16, and that seems to be running fine :+1:

[matheus23]

I've changed the base branch to ucan-upgrade as per discussion with @expede: We'll keep that as another branch running alongside main while we're upgrading hs-ucan, so we can merge partially-typechecking PRs while stuff is in flux. We keep main clean so we can hotfix stuff. Eventually ucan-upgrade will get merged into main.