ProtoMessage should not panic on decoding failures #265
Description
Context
Currently, when ProtoMessage decodes a message, it attempts to deserialize it into self of type T. If decoding fails, it panics, which can cause unintended transaction execution failures. This behavior is often desirable, though there are cases, such as decoding a commitment proof, where the failures should be handled gracefully. We need to check whether decoding succeeds for each proof type/variant (Exist, NonExist, etc.), and a panic in this scenario prevents further attempts at decoding alternative proof types.
Furthermore, given that the protobuf implementation functions as a library that could be integrated into various smart contract applications, it is more appropriate to allow developers to decide whether a decoding failure should result in a panic or be handled differently based on their specific use case.
Proposal
Instead of panicking on a decoding failure, ProtoMessage should return Option<T>:
fn decode_raw(ref context: DecodeContext) -> Option<T>;