Revise staking origins

[kianenigma]

Currently,

cancel_defered_slash has a custom origin.
everything else, including:

• changing validator count
• forcing era change
• force_unstake
• set_config (sets the count bounds, min bonds, and min-commission)

are all root. Some of these are not justifiable to be root, and not in-line with gov v2.

An easy fix is to make all of this be one custom origin, and map them to StakingAdmin on Kusama (and Root in Polkadot while we're at Gov v1). So rename and reuse the existing SlashCancelOrigin for more things.

I thought about splitting them up, but it doesn't make sense. Almost all of these are equally important, and with obtaining any of them you can attack a chain.

For example:

• you can set the validator count to 0
• you can force-unstake everyone
• you can misbehave and cancel the slash
• you can set a very high min-bon, such that no one can nominator or validate.
• you can set a very low max validator / max-nominator
• the combination of the above two gives you power to chill everyone and create nothing at stake

So all of them can be equally destructive and should be well protected.

Long term, it would be good if we can extract setting commission into another transaction that has a slightly weaker origin, as this one is the only non-attackbale one.

[Ank4n]

Should we extract out set_min_commission with a weaker origin and close this issue?

I think one idea is, in long term, we can look into overloading most transactions to allow weaker origin to execute it if the code determines the change is not significant (eg: validator count changes up to 10% of its value). Otherwise require root. But admittedly, it might just be over-engineering and we should revisit this when we next hit a bottle neck in handling staking related governance decisions.

[Polkadot-Forum]

This issue has been mentioned on Polkadot Forum. There might be relevant details there:

https://forum.polkadot.network/t/polkadot-release-analysis-v0-9-37/1736/1