parity-signer
Automate metadata updates for stock signer
Regardless of the ability to update metadata on the fly, we need to keep metadata here up to date at all times with minimal human intervention. This is a potential security issue, so the process must be planned and executed carefully.
Hi, I was wondering what sort of implementation plan you had in mind for this?
There will be a script that checks if the metadata is up to date once in a while and makes a PR with new metadata (and of course it will have to be tested every time). We plan to start testing this feature next week, as well as video-QR "airgapped" metadata upgrades.
Due to these features, the number of built-in networks will probably decrease and it shouldn't be an issue.
The tools for this are ready, now we need some protocol - this will certainly require manual intervention on the releasing side.
We should ship that script based on subwasm that we used to generate 915* updates from .wasm files before nodes got them to this repo. However, it will depend on https://github.com/chevdor/subwasm/pull/41 (maybe not that much of an increase is needed, but some certainly is) because nothing seems to work with the current memory limit; a blocker.
The same thing should go into https://github.com/paritytech/metadata-portal; all of this is really part of Polkadot's releasing flow and should be triggered there.
#914 allows .wasm signing and https://github.com/paritytech/ci_cd/issues/309 maybe should fix this at least partially. The only difference with the flow of the latter is that here we should only be updating if a release happens; maybe fetching updates from the live network is safer - after all, scanning metadata updates seems to be quite routine already.