Problem

There are many situations in which a token holder burning their tokens can be a problem. For example, if a token represents a real-world asset, such as tokenized common stock, it's dangerous for a user to burn their tokens, since the token issuer can no longer maintain a 1:1 relationship between tokens and stock held.

Proposed Solution

A new extension called PermissionedBurn which requires that all burns be signed by an additional authority.

If a user wants to burn their tokens, they must sign the instruction, but the permissioned burn authority must also sign the instruction.

If a user needs to get rid of their tokens, they can send it to an account owned by the incinerator or the system program. However, just like with normal burns, only the permissioned burn authority can burn tokens held by the incinerator or the system program.

cc @gitteri @jnwng