Follow on from #453, and allow dry-validation contract classes to be provided directly to actions, in two ways.

First, via the contract class method, instead of expecting Hanami::Action::Params subclasses:

class MyAction < Hanami::Action
  contract MyContract # a Dry::Validation::Contract subclass
end

Second, via a contract dependency of the action:

# Either manually
class MyAction < Hanami::Action
end

action = MyAction.new(contract: MyContract.new)

# Or in Hanami apps, via Deps
class MyAction
  include Deps[contract: "my_contract"]
end

This is an altogether more flexible arrangement, since it will allow contracts to be used across both actions and other non-action classes within Hanami apps.

With this PR, we "soft deprecate" the idea of using Hanami::Action::Params subclasses as the way to provide reusable validation contracts to actions. We do this by updating Hanami::Actions.contract such that it does not support being given Hanami::Action::Params subclasses. Given that .contract is the new and full-powered incarnation of action validation, this hopefully will nudge people in the right direction.

We also have #455 for us to consider a proper deprecation of all direct Hanami::Action::Params usage, including subclasses being given to Action.params.

Implementation-wise, here's how we've done this:

• Add a contract_class setting to Hanami::Action
• Have Action.params and Action.contract set this contract_class config
• In Action#initialize, initialize the contract_class and assign it to @contract — because we initialize the contract at this point, rather than at the time of assignment, it means we support contracts with their own auto-injected dependencies!
• When actions are called, pass @contract into the created instance of Hanami::Action::Params
• Update Hanami::Action::Params to validate its params via this contract, or when none is given (i.e. when the action itself has no user-supplied contract), via an internal default contract that permits all params and deep symbolizes the keys

That's it! Along the way, we've also been able to simplify things:

• Stop needing to store a custom Hanami::Action::Params subclass (as params_class) for every action with a contract defined (instead we store the contract_class and pass it into a standard params object, as described above)
• Merge Hanami::Action::Params and Hanami::Action::BaseParams, while still ensuring that Params on its own can still work when the hanami-validations gem is not bundled
• Remove the need for a "base contract" that ensures the _csrf_token param is permitted. This would have been an issue with reusable user-defined contracts, since users will want to inherit from Dry::Validation::Contract directly, not a base contract from hanami-controller. To account for this, update the CSRFProtection module so that it looks for the _csrf_token in the raw, non-validated params instead.

Not only does this change simplify internals, it also offers a net reduction in lines of code! 😄