Audit and remove unwanted builtin-actor code for FVM

[anorth]

The built-in actors were developed in an environment assuming there were no user-programmed actors. Some of the basic ones like the Init actor, multisig, payment channel have code in them that will limit their use by user-programmed actors once available.

As an example, the Init actor has an allow-list for which actor code CIDs are permitted to initialise which other actors, which is scoped to allow only the known actors. It may be ok (if unnecessary) to retain some kind of restriction on creation of built-in miner or singletone actors, but as written this will prevent anyone creating any other actor.

Various actors also contain caller checks that prohibit callers outside the built-in account and multisig actor. But anything that permits the built-in multisig should permit any actor to call it.

cc @jennijuju @ZenGround0 @arajasek

[anorth]

I would expect we don't need a FIP for the change here unless they change some behaviour to be other than what might be expected had we had user-programmed actors from the start.

[jennijuju]

@ZenGround0 is going to take the first pass on audit what's need to be cleaned up.
Then one of the lotus team member may pick it up.

[anorth]

Another item: the payment channel requires that addresses are of account actors specifically. If we implement either account abstraction or a standard signature verification method, we should instead delegate signature checking to the actor in question. cc @arajasek

(all calls to resolve an actor code CID are suspect)

[anorth]

The miner actor only supports built-in accounts and multisigs as control addresses

[anorth]

Almost anything that uses the built-in actor Type enum is suspect. We probably want to remove these syscalls entirely, so we need to remove the users of them. Most urgent is the paych and multisig (or any actor that uses their type). Ref #520