[New Permission 3/5] smartcontract: enforce Permission-based authorization in existing instructions

[juan-malbeclabs]

Permission rollout — stacked PR series. Review/merge order:

1. #3206 — enforce Permission-based authorization in existing instructions
2. #3942 — define topology/resource/index permission flags (3/4) — stacked on [New Permission 3/5] smartcontract: enforce Permission-based authorization in existing instructions #3206
3. #3943 — enforce topology/resource/index permission flags (4/4) — stacked on [New Permission 4/5] smartcontract: define topology/resource/index permission flags #3942

Retarget each PR's base to main as its upstream merges.
👉 You are here: #3206 (base of the follow-up stack).

PR 5 of 5 in the original Permission series. Review order: PR 1: scaffold → PR 2: authorize() → PR 3: CRUD processors → PR 4: SDK+CLI → PR 5 (this).
This diff is against jo/permission-crud-sdk-cli.

Summary of Changes

• Wires authorize() into all existing instruction processors that require privileged access: accesspass/{close,set}, multicastgroup/subscribe, and user/{ban,closeaccount,create,create_subscribe,delete,requestban} — each processor now appends the caller's Permission PDA as an optional trailing account
• Deletes processors/user/create_core.rs (328 lines) by absorbing its logic directly into create.rs, eliminating a layer of indirection that was only needed before the authorization refactor
• Adds DZClient::build_and_send() helper in the Rust SDK that automatically checks for and appends the caller's Permission PDA as a trailing account when it exists on-chain, making permission account usage transparent to callers
• Updates all affected Rust SDK commands (user, tenant, accesspass, permission) to use build_and_send() so they automatically include the Permission account
• Updates the activator to pass the Permission account when issuing user-related instructions

Diff Breakdown

Category	Files	Lines (+/-)	Net
Core logic	12	+680 / -625	+55
SDK	14	+145 / -355	-210
Activator	1	+4 / -4	0
Tests	1	+9 / -281	-272
Config	1	+6 / -1	+5

Net code reduction overall — the authorization refactor removed more duplication than it added.

Key files (click to expand)

• smartcontract/programs/doublezero-serviceability/src/processors/user/create.rs — absorbs create_core.rs, adds authorize() call; now the single source of truth for user creation
• smartcontract/programs/doublezero-serviceability/src/processors/user/create_subscribe.rs — refactored to call authorize(), with account layout updated to accept optional trailing Permission PDA
• smartcontract/sdk/rs/src/client.rs — new build_and_send() method: looks up caller's Permission PDA, appends it as a read-only trailing account if it exists, then signs and sends the transaction
• smartcontract/programs/doublezero-serviceability/src/processors/multicastgroup/subscribe.rs — adds authorize() for ACCESS_PASS_ADMIN check; old inline allowlist check replaced
• smartcontract/programs/doublezero-serviceability/src/processors/user/create_core.rs — deleted (328 lines); logic consolidated into create.rs
• smartcontract/sdk/rs/src/commands/user/create_subscribe.rs — gutted (299 lines removed) as the user-creation logic it duplicated is now fully in the program processor
• smartcontract/programs/doublezero-serviceability/src/processors/accesspass/close.rs — adds authorize() for ACCESS_PASS_ADMIN
• smartcontract/sdk/rs/src/doublezeroclient.rs — adds get_permission_pda_for_payer() convenience method used by build_and_send()

Testing Verification

• tests/create_subscribe_user_test.rs updated to reflect the simplified processor — existing passing tests confirm the create_core consolidation is behavior-preserving
• tests/permission_test.rs (from PR 3) covers the authorize() enforcement paths invoked by these processors
• make rust-test passes with all affected processors and SDK commands