Add dependency audit contract

[janezpodhostnik]

ref: https://github.com/onflow/flow-go/issues/5858 ref: https://github.com/onflow/flow-core-contracts/pull/430

Description

This is intended to work together with this FVM PR https://github.com/onflow/flow-go/pull/5908 which is already deployed on testnet, so this can be deployed when it is ready. The contract is going to get called from the FlowServiceAccount. The PR for that is here: https://github.com/onflow/flow-core-contracts/pull/430

This is only needed pre-1.0 and the checkDependencies function can (and will) be removed post-1.0. At that point the DependenciesAudit contract also becomes useless.

When deploying DependenciesAudit the service accounts (those containing service account contracts) will be listed as excluded addresses. More can be added later.

Open questions:

• Is it ok to just have excludedAddresses or do we want to exclude specific contracts from the check?
• Should we stage it? migrate it? or just let it expire, because we don't need it after 1.0 anyway

  ---

For contributor use:

• [x] Targeted PR against main branch
• [x] Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
• [ ] Code follows the standards mentioned here.
• [ ] Updated relevant documentation
• [ ] Re-reviewed Files changed in the Github PR explorer
• [ ] Added appropriate labels

[sisyphusSmiling]

Is it ok to just have excludedAddresses or do we want to exclude specific contracts from the check?

I think excluding addresses is okay assuming excluded contracts will be core contracts in which case all contracts at those addresses would be excluded

Should we stage it? migrate it? or just let it expire, because we don't need it after 1.0 anyway

I guess that depends on 1) What happens to contracts that fail to update - Are they removed from execution state automatically or would we be leaving garbage without collection? 2) Do we expect all dependencies to migrate without dependency on this contract?

IMO if contracts that fail to update are simply removed from execution state and all dependencies migrate without dependency on this contract, it's probably not a problem to continue without staging. If however we're leaving garbage by not staging it and/or dependencies will fail their migration without staging this contract, we should stage this contract.

[janezpodhostnik]

1. What happens to contracts that fail to update - Are they removed from execution state automatically or would we be leaving garbage without collection?

They would be left as garbage.

2. Do we expect all dependencies to migrate without dependency on this contract?

No-one should depend on this contract. The only contract that depends on this contract is the service account, but that dependency will be removed during the upgrade itself.

I think it might be best to still stage it, so that it is functional after the upgrade and can be gracefully cleaned up if needed. I will work on preparing and staging the contract.

[janezpodhostnik]

I opened https://github.com/onflow/contract-updater/pull/34 for cadence 1.0 port