Improve bufbuild linting to catch modified proto paths

[conorsch]

Is your feature request related to a problem? Please describe. Changes to the protobuf specs may result in failing builds, such as: https://github.com/penumbra-zone/penumbra/actions/runs/3650338373/jobs/6166192033

Describe the solution you'd like Our per-PR protobuf linting should catch problems like this.

Describe alternatives you've considered Workaround is to 1) notice the failure ; then 2) manually run buf mod update and commit the results, e.g. https://github.com/penumbra-zone/penumbra/commit/e5707669894165935df036f592ba77553fe1ec4b

Additional context From https://github.com/bufbuild/buf-push-action :

Note, if any of the modules defined in your workspace depend on each other, you usually need to run buf mod update so that the downstream module uses the upstream module's latest commit. This is not supported by buf-push-action on its own - you'll need to stitch https://github.com/bufbuild/buf/issues/838 functionality into your workflow on your own. For more details, see this discussion.

[conorsch]

We can do this by running buf mod update in CI and checking whether we have a dirty git tree afterward. The change will be to a buf.lock file, if present.

Why do we not have a buf.lock file for the vendored protos at https://buf.build/penumbra-zone/ibc-go-vendor ? I will add one as part of these changes, unless someone objects.

[conorsch]

This works! Just caught a missed lockfile in https://github.com/penumbra-zone/penumbra/actions/runs/3831951084/jobs/6521693508