Add support for invariant testing

[leighmcculloch]

What problem does your feature solve?

Invariants are statements that can be made about a program that should always be true. All programs have invariants, and contracts being largely state machines, it is very achievable for contract developers to write statements for their programs that certain things are always true.

What would you like to see?

I'd like to see the SDK provide a standard way to write invariants for a contract, so that the invariants could be automatically used in a variety of ways to detect unexpected behavior:

• Use in standard test runs, by running the invariants after every invocation (not just after every test) to ensure that the contract state didn't end up in a state that is invalid.
• Use in fuzz tests.
• Potentially in the future as something that can be exported and used in monitoring of on chain contracts.
• Potentially in the future as something that can be exported and used for validating the affects of upcoming protocol changes.

What alternatives are there?

It could be argued that some invariants can be written as efficient assertions, and as such the infrastructure for invariants isn't necessary since assertions can be littered throughout the program code gaining the benefit that it is running on chain too. However, invariants can be more powerful than assertions because an invariant might operate on all state that a contract has, which an assertion in the standard program execution would never have access to.

Fuzz tests typically contain invariants, and people already write fuzz tests for Soroban contracts, so it could be argued we don't need new infrastructure/features for invariants, but I think the potential for wider use of invariants in most places makes this valuable.