[move-vm][rac] Bytecode verification

[wrwg]

Description

This adds bound checking bytecode verification to access specifiers. Besides this, no further action the verifier is needed for RAC specifiers.

How Has This Been Tested?

Unit tests have been added for verification failures.

Type of Change

• New feature
• Bug fix
• Breaking change
• Performance improvement
• Refactoring
• Dependency update
• Documentation update
• Tests

Which Components or Systems Does This Change Impact?

• Validator Node
• Full Node (API, Indexer, etc.)
• Move/Aptos Virtual Machine
• Aptos Framework
• Aptos CLI/SDK
• Developer Infrastructure
• Move Compiler
• Other (specify)

[trunk-io]

⏱️ 38m total CI duration on this PR

Job	Cumulative Duration	Recent Runs
check-dynamic-deps	22m	🟩 🟩 🟩 🟩 🟩 (+4 more)
rust-cargo-deny	9m	🟩 🟩 🟩 🟩 🟩
semgrep/ci	3m	🟩 🟩 🟩 🟩 🟩 (+4 more)
general-lints	2m	🟩 🟩 🟩 🟩 🟩
file_change_determinator	54s	⬜ 🟩 🟩 ⬜ 🟩 (+3 more)
permission-check	21s	🟩 🟩 🟩 🟩 🟩 (+4 more)
permission-check	19s	🟩 🟩 🟩 🟩 🟩 (+4 more)
check-branch-prefix	1s	🟩

_{settings ⋅ feedback ⋅ docs ⋅ learn more about trunk.io}

[wrwg]

• [move][rac] Programmatic API for Resource Access Control #16130
• [move-vm][rac] Bytecode verification #16092 👈 (View in Graphite)
• [move][rac] Revising resource access control #16081
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[rahxephon89]

@wrwg prop test is still failing with unmatched txn execution status.

[georgemitenkov]

Based on documentation:

/// The index of a parameter of the current function. If `modifier` is not given, the
/// parameter must have address type. Otherwise `modifier` must be a function which takes
/// a value (or reference) of the parameter type and delivers an address.

I am not familiar with this code, where do we check that the type at index in sign is address iff fun_opt.is_none()? Where do we check the function signature that it returns an address?