@Karrq Karrq commented May 13, 2025

Hey, I saw the issue with the nightly usage, and personally I prefer not having to use nightly as well when possible.

The current solution would force anchor to use nightly when we had an override, but I thought it would instead be nicer to provide both toolchains to anchor and let it pick the one it wants, so for example during IDL it will use nightly, but during normal build it would use stable.

To do that, I created a small shim script that acts in a similar way as the actual cargo binary, where the right toolchain is dispatched based on the first argument, in this case if omitted it would use stable and when +nightly is specified it would use the nightly toolchain we configured it for.

This is useful for multi-version compatibility: in this case 0.30.1 still makes use of the old API, therefore having a nightly toolchain which is compatible allows users (like me) to still make use of this specific anchor version. In the newer versions, the usage was patched so "latest" nightly is selected.

I also edited the patches so that +nightly is set normally by the IDL build step (since it would use the shim), and we only skip the toolchain installation phase.

deps(anchor-cli): updated patches to allow +nightly for IDL
@arijoon arijoon left a comment
Nice, I need to find a way to run the workflows on the fork with the base branch's secrets so it can push to the nix cache.

Karrq commented May 14, 2025

Seems like you could with `pull_request_target`, but that's a bit insecure since it could allow actors to extract the secrets.
More info on Stack Overflow: https://stackoverflow.com/questions/76952023/how-to-make-github-actions-safely-access-secrets-for-prs-created-from-forks

I think it would be acceptable to not push to cache the builds from PRs, and instead have a separate workflow which does so for the master branch, so stuff that makes it into the source tree will be cached and generally PRs can't extract the secrets.
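
The split proposed in the comment above, written out as two GitHub Actions workflows. This is an added example, not part of the original thread or the repository's own CI; the file names, the Nix installer action, the `nix build` and `nix copy` commands and the `NIX_CACHE_URI` secret name are assumptions.

```yaml
# File 1 (hypothetical name): .github/workflows/pr-build.yml
# Runs for every PR, including PRs from forks. A workflow triggered by
# `pull_request` from a fork receives no repository secrets, so this job
# can build and test but has nothing to leak.
name: pr-build
on:
  pull_request:
permissions:
  contents: read                              # read-only GITHUB_TOKEN
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27   # assumed installer, not from the thread
      - run: nix build                        # assumed build command; no cache push here
---
# File 2 (hypothetical name): .github/workflows/cache-master.yml
# Runs only on pushes to master, so only code already in the source tree
# executes with the cache credential in its environment.
name: cache-master
on:
  push:
    branches: [master]
permissions:
  contents: read
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - run: nix build
      - name: Push build result to the binary cache
        env:
          # Hypothetical secret name; substitute the cache's real credential.
          NIX_CACHE_URI: ${{ secrets.NIX_CACHE_URI }}
        run: nix copy --to "$NIX_CACHE_URI" ./result
```

Neither file uses `pull_request_target`, so no job checks out untrusted PR code while secrets are in scope.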

@arijoon arijoon merged commit 65a7cc4 into arijoon:master Sep 2, 2025
0 of 18 checks passed