feat: finally to also clean up after trapping continuations

[ggreif]

Introduces an optional finally clause to try expressions that can be used for disciplined (structured) resource management. The clause comprises a unit-valued expression (or block) that may not perform sends (or similar). It gets executed for all control paths that leave the try-expression, i.e. return, break, etc. code paths. For nested try expressions the cleanups are performed in innermost to outermost order.

For last-resort cleanups (i.e. code paths trapping after an await) the replica invokes the callback registered as ic0.call_on_cleanup, and this will result in the execution of (exclusively) the finally blocks in (dynamic) scope. This is a new mechanism in Motoko, which was not possible to achieve earlier, and puts certain resource deallocations (e.g. of acquired locks) under the programmer's control.

---

TODO:

• invoke cleanup from the interpreter
• make catch optional (non-trapping when missing) — Allow try without catch #4600
  • well, this was not really needed as pattern-match failure would just re-throw, so we were fine. Optimised, though.
• remaining FIXMEs (arrange.ml, etc.)
• Triv in try (respect edges)
  • fix fallout
• forbid control-flow edges out of finally blocks
• remove all aliasing from IR
  • use meta (would assert currently, thus causing minor code duplication) — could be follow-up PR
• handle Throw and regular continuations in await.ml (instead of desugaring)
  • adjust (AST, IR)-interpreter
  • ❗️this is necessary when there is no catch, as the exception will escape
• how are label continuations invoked in the backend? (I need to know for the last-resort callback)
  • have a new context key sort Cleanup, stack up continuations of finally blocks only
  • extend the kr in await.ml to krc (CPSAwait), pass Cleanup continuations as c
  • add new primitive to compiler to set the last-resort field (not needed)
  • in async.ml lower CPSAwait to that too
  • adapt check_ir.ml, etc.
• tests with await*
• fix up the syntax part
• do ... finally (when there is no catch clause necessary)
  • means: TryE needs cases list option
• type checking for the finally clause
  • unit result
  • trivial effect (actually Claudio made this capability-based)
  • that the try block has await effect — nope!
• other type than unit for try
• OtherPrim "call_raw" + tests — nope!
• cps_asyncE similarly to CallPrim/3 — nope!
• highlighting of finally
  • for emacs
  • for VSCode → Bump moc to 0.11.2 vscode-motoko#288
  • GitHub highlighter
• Changelog (breaking change, new keyword)
• Docs
• adapt best practices: https://internetcomputer.org/docs/current/developer-docs/security/security-best-practices/inter-canister-calls#recommendation
• adapt Motoko examples where locking happens

[github-actions]

Comparing from 5fd4e2e to 78a8659:
In terms of gas, 4 tests regressed, 1 tests improved and the mean change is +0.0%.
In terms of size, 5 tests regressed and the mean change is +0.1%.

[crusso]

Ok, I think this is behaving correctly. Maybe refactor into a separate subtest/function (like the others)

[ggreif]

I'll do this in a separate PR.

[crusso]

See comments

[crusso]

There's something fishy in await.ml. Hold off merging for a bit

[crusso]

We can merge but I think it would be good to do the follow up PR addressing code duplication before releasing.