Don't modify custom account instance storage prior to authorization until p25

[dmkozh]

While addressing the instance storage issue announced yesterday, another issue has been identified. Re-entrant __check_auth calls do not observe the changes that the parent call made to the instance storage. If an account contract modifies the instance storage, then calls require_auth[_for_args] for the current contract address, and then __check_auth tries to observe the modified value, it wouldn't see the modification.

Due to this issue, we recommend to not modify custom account instance storage prior to calling env.current_contract_address().require_auth[_for_args]() until protocol 25 upgrade. Note, that even after the issue is fixed in protocol 25, this usage pattern is unlikely to ever be valid - storage modifications should typically be conditioned on successful authorization.

Our analysis indicates that no contracts currently on-chain are affected. This is expected, as state modification is a privileged operation that typically follows authorization. Since modifying state before authorization represents an insecure pattern, we do not anticipate this issue impacting valid production contracts.