Allow specific domains to call makeArbitraryTransaction for specific contracts

[kronosapiens]

In a future world, we would like specific domains to have control of external contracts (such as a Gnosis Safe, or any type of NFT). This means moving past our current makeArbitraryTransaction functionality, which is only global in scope, and introduce some new conception of specific domains being able to call out to external contracts.

One approach to this would be to maintain a mapping of (address => domain) to represent which domain owns and external address. We would introduce a new function (or extend makeArbitraryTransaction) which takes a target, an action, and a domain proof, and assesses that the caller has the permission in the domain which owns the target before executing the action.

As for which roles we would use, we have a few options:

• Decide that external addresses, being "resources", are under control of the funding permission.
• Introduce a new level in the mapping, for (address => permission => domain) to allow for the colony to decide which roles have control.
• Introduce a new role, the "stewardship" role, specifically for managing external contracts.

Additional open questions are whether only one domain can have control of an address at a given time (address => domain), or whether an address should be under the control of multiple ([address][domain] => true).