KYC Sanction Expiration (#320)

* Add GOVERNANCE_ROLE, sanction tracking, and update KYC/sanction logic in KintoID contract.

* Refactor KintoID.sol by removing redundant sanction checks and simplifying isKYC and isSanctionsSafe logic.

* Fix logic in KintoID contract to correctly evaluate sanctions safety and update unit test for sanctions check.

* Refactor sanction confirmation logic in KintoID contract and add unit test for unconfirmed sanctions handling.

* Refactor sanctions safety checks in KintoID contract for streamlined logic and improved readability.

* Add sanction confirmation logic with governance role checks and tests for KintoID contract.

* Enhance KintoID contract with detailed event documentation, improved error handling, and updated function comments for clarity and consistency.

* Upgrade KintoID contract to version 9, update deployment scripts and tests, and add governance role management for KintoID and NioGovernor.

script/migrations/135-upgrade_faucet_id.s.sol

@@ -1,36 +1,43 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.18;
 
-import {Faucet} from "../../src/Faucet.sol";
 import {KintoID} from "../../src/KintoID.sol";
 import {MigrationHelper} from "@kinto-core-script/utils/MigrationHelper.sol";
+import "@openzeppelin/contracts/access/IAccessControl.sol";
 
-contract UpgradeKintoIDFaucetDeployScript is MigrationHelper {
+contract UpgradeKintoIDScript is MigrationHelper {
     function run() public override {
         super.run();
 
-        // bytes memory bytecode = abi.encodePacked(
-        //     type(KintoID).creationCode,
-        //     abi.encode(
-        //         _getChainDeployment("KintoWalletFactory"),
-        //         _getChainDeployment("Faucet")
-        //     )
-        // );
+        bytes memory bytecode = abi.encodePacked(
+            type(KintoID).creationCode,
+            abi.encode(
+                _getChainDeployment("KintoWalletFactory"),
+                _getChainDeployment("Faucet")
+            )
+        );
 
-        // address impl = _deployImplementationAndUpgrade("KintoID", "V8", bytecode);
-        // saveContractAddress("KintoIDV8-impl", impl);
+        address impl = _deployImplementationAndUpgrade("KintoID", "V9", bytecode);
+        saveContractAddress("KintoIDV9-impl", impl);
 
-        // bytecode = abi.encodePacked(
-        //     type(Faucet).creationCode,
-        //     abi.encode(_getChainDeployment("KintoWalletFactory"))
-        // );
+        KintoID kintoID = KintoID(_getChainDeployment("KintoID"));
+        address nioGovernor = _getChainDeployment("NioGovernor");
+        bytes32 governanceRole = kintoID.GOVERNANCE_ROLE(); 
 
-        // impl = _deployImplementationAndUpgrade("Faucet", "V9", bytecode);
-        // saveContractAddress("FaucetV9-impl", impl);
+        assertFalse(kintoID.hasRole(governanceRole, kintoAdminWallet));
+        assertFalse(kintoID.hasRole(governanceRole, nioGovernor));
 
-        // vm.broadcast(deployerPrivateKey);
-        KintoID kintoID = KintoID(_getChainDeployment("KintoID"));
-        _whitelistApp(address(kintoID));
-        _upgradeTo(address(kintoID), _getChainDeployment("KintoIDV8-impl"), deployerPrivateKey);
+        _handleOps(
+            abi.encodeWithSelector(IAccessControl.grantRole.selector, governanceRole, kintoAdminWallet), address(kintoID)
+        );
+
+        _handleOps(
+            abi.encodeWithSelector(IAccessControl.grantRole.selector, governanceRole, nioGovernor), address(kintoID)
+        );
+
+        assertTrue(kintoID.hasRole(kintoID.GOVERNANCE_ROLE(), kintoAdminWallet));
+        assertTrue(kintoID.hasRole(kintoID.GOVERNANCE_ROLE(), nioGovernor));
+
+        assertTrue(kintoID.isKYC(deployer));
     }
 }