Ensure that the resource from the wire, the resource for the update
match up. Also ensure that the source ship and the ship that is being
pulled from for the resource match up. Without this, a host of a graph
could send updates for graphs that they do not hosts, and these would be
unconditionally forwarded, allowing malicious hosts to overwrite graphs
that they do not host.
Virtualises the kick handler for the inner door in lib/pull-hook, so
that crashes in the handler do not cause a dangling resource with no
subscription. Additionally, failed kicks now cause the sync to be
dropped into a failed-kicks map in the state, where we attempt to
recover from the failure in the on-load.
If the %kick handler of the inner-core crashes, then we never get to
resubscribe, thus leaving a dangling entry in the state with no
corresponding subscription. Updates the pull-hook-action pokes to not
crash when given a dangling entry.
If we receive an %add poke for a resource we are already pulling, no-op
instead of crashing. This should prevent crashes upon repulling a
resource after a breach of the host.