lang: IDL authority should use the program upgrade authority

[armaniferrante]

Instead of there being a separate idl authority, the existing upgrade authority account should be used.

[paul-schaaf]

Some more context from @armaniferrante

IDL authority should default to the program upgrade authority. Currently, the IDL accounts live at deterministic addresses associated with the program ID. However, anyone can upload the first IDL, which sets the authority--which must be used for subsequent updates. Instead, this should just be the program upgrade authority.

I'll get to work on this one

[paul-schaaf]

@armaniferrante u said it should "default" to the program upgrade authority, implying that there can be other authorities but I wonder whether this is necessary. If there is a program upgrade authority, I think it would be fine to be opinionated and not allow a different authority which would also simplify key management for the user. If there is no program upgrade authority, I dont see a reason why anyone should be able to update the IDL.

If there is a reason to have two distinct authorities, I would still suggest forcing that the program upgrade authority is the signer on the idl init instruction which sets the idl authority

[armaniferrante]

Having a single authority for both the IDL and program upgrade sounds great.

[Henry-E]

Anchor never really added much support (i think) for loading up program metadata accounts. If it did have native support for those account types then it should be as simple as adding the deprecated pub program_meta: ProgramAccount<'info, ProgramMetadata> and accessing the program_meta.upgrade_authority.

We'd have to add support for deserializing into the upgradeable loader state and accessing just the authority_address.

Not hugely complicated if anyone reading this wanted to look into it.