Evaluate Storacha flow to harden system

[tupui]

Follow up of #95

After looking at the doc of storacha a bit more, I think that what we will want to do is this https://web3.storage/docs/how-to/create-account/ Use the CLI to create an account for a project and then use the login via email method to get the delegation https://web3.storage/docs/how-to/upload/#claim-delegations-via-email-validation This way we also have a separate space for each project which is cleaner.

The free tier should be enough for most projects. Large projects would be free to subscribe to a paid option if they have more need.

We will want to make a nice user story for the registration with screens to explain what is going to happen and why they are being asked to register to Storacha, etc.

[0xExp-po]

yes
but in this method, our app users should register and use their own account and space to store proposals instead of auto storing with our service account
it will be inconvenient to the users than current method
how do you think about it @tupui?

[tupui]

I have another idea. We can make a challenge and ask users to sign it as a transaction. Then the backend check if the signature is valid and belong to a maintainer and only gives a delegation in that case. This way we are certain only maintainers can get a delegation. Later on, we can also limit the number of proposals being created by a certain project and possibly make them pay for more proposals for example.

Since we are going to send the proposal to the smart contract, we combine the two transactions to do that.

[tupui]

Putting this note here as well. There is the concept of policies that we could use otherwise. See this https://github.com/kalepail/do-math It would allow us to perform multiple operations without needing to sign multiple time. i.e. we sort of have a concept of session.