Adding new authorization type for IBC transfer in authz

[jonathanjmak]

Summary

Currently in the Cosmos SDK, the main types of authorization are stake, send, and generic authorization. With stake and send, there is an allowlist for authorization. However, if you wanted to authorize an IBC transfer, you would need to use generic authorization, which exposes unnecessarily loose permissions (because there is no allowlist, theoretically the authorized entity could IBC transfer to any address). We want to add in an authorization for IBC transfers to specific addresses via the allowlist.

Problem Definition

You don't want to use generic authorization for tasks outside of stake and send. It would make sense to add in an authorization type for IBC transfers given that is one of the most common use cases of the ecosystem. One example where this would be useful is authorizing an entity to programmatically conduct an IBC transfer to your existing wallets. Currently, you need to manually IBC transfer assets across chains yourself, but having this would allow you to easily IBC transfer assets across chains from an entity's app without the need to expose unnecessary authorizations.

Proposal

1. A new authorization type IBCTransferAuthorization
2. Parameters: AllowList, SpendLimit
AllowList would contain a list of addresses authorized to receive IBC transferred assets
   SpendLimit is the amount that is authorized for each IBC transfer asset
3. Optional Parameters: Port,Channel

You can make implementation almost identical to SendAuthorization except now you are also making a new authorization type for IBC Transfers.

Very similar to this issue that was accepted: #12609
PR closing the above issue: #12648

[aaronc]

I think this belongs in the ibc repo to not introduce a circular dependency on IBC

[jonathanjmak]

Thanks for your feedback! Added here: cosmos/ibc-go#2431