feat: [MR-592] Define and enforce callback limits
Define a subnet-wide soft cap on callbacks and a per-canister guaranteed callback quota, and enforce them when outgoing requests are being enqueued.
This is an exceedingly rough attempt at enforcing callback limits. I spent a lot of time trying to figure out what was the most appropriate way of passing this available count or that limit all the way down into SandboxSafeSystemState, but I may not have gotten it perfectly right.
Edit (2024.11.07): In the meantime, the change is quite polished. Feedback on my choices for passing down the callback limit into SandboxSafeSystemState is still appreciated, though.
We no not want reaching this cap to result in canisters being unable to make any calls at all, ...
Typo in the 3rd paragraph of the description.