This is in preparation for coq/coq#9274.

Use explicit names in some scripts, re-organize fupd plainly derived laws, adjust wsat import/export.

Modify adequacy proof to not break the 'fancy update' abstraction. Modify fupd plainly interface and add new derived results.

This is to be used on top of stdpp's 4b5d254e.

The advantage is that we can directly use a Coq introduction pattern
`cpat` to perform actions to the pure assertion. Before, this had
to be done in several steps:

  iDestruct ... as "[Htmp ...]"; iDestruct "Htmp" as %cpat.

That is, one had to introduce a temporary name.

I expect this to be quite useful in various developments as many of
e.g. our invariants are written as:

  ∃ x1 .. x2, ⌜ pure stuff ⌝ ∗ spacial stuff.

This causes a bit of backwards incompatibility: it may now succeed with
later stripping below unlocked/TC transparent definitions. This problem
actually occured for `wsat`.

For obsolete reasons, that no longer seem to apply, we used ∅ as the
unit.

- Support for a `//` modifier to close the goal using `done`.
- Support for framing in the `[#]` specialization pattern for
  persistent premises, i.e. `[# $H1 $H2]`
- Add new "auto framing patterns" `[$]`, `[# $]` and `>[$]` that
  will try to solve the premise by framing. Hypothesis that are
  not framed are carried over to the next goal.

Fixes #59
Proof entirely by @janno

This patch was created using

  find -name *.v | xargs -L 1 awk -i inplace '{from = 0} /^From/{ from = 1; ever_from = 1} { if (from == 0 && seen == 0 && ever_from == 1) { print "Set Default Proof Using \"Type*\"."; seen = 1 } }1 '

and some minor manual editing

Using this new definition we can express being contractive using a
Proper. This has the following advantages:

- It makes it easier to state that a function with multiple arguments
  is contractive (in all or some arguments).
- A solve_contractive tactic can be implemented by extending the
  solve_proper tactic.

    The idea on magic wand is to use it for curried lemmas and use ⊢ for uncurried lemmas.

There is no way to infer the cmra A, so we make it explicit.

The old choice for ★ was a arbitrary: the precedence of the ASCII asterisk *
was fixed at a wrong level in Coq, so we had to pick another symbol. The ★ was
a random choice from a unicode chart.

The new symbol ∗ (as proposed by David Swasey) corresponds better to
conventional practise and matches the symbol we use on paper.

There are now two proof mode tactics for dealing with modalities:

- `iModIntro` : introduction of a modality
- `iMod pm_trm as (x1 ... xn) "ipat"` : eliminate a modality

The behavior of these tactics can be controlled by instances of the `IntroModal`
and `ElimModal` type class. We have declared instances for later, except 0,
basic updates and fancy updates. The tactic `iMod` is flexible enough that it
can also eliminate an updates around a weakest pre, and so forth.

The corresponding introduction patterns of these tactics are `!>` and `>`.

These tactics replace the tactics `iUpdIntro`, `iUpd` and `iTimeless`.

Source of backwards incompatability: the introduction pattern `!>` is used for
introduction of arbitrary modalities. It used to introduce laters by stripping
of a later of each hypotheses.

And also rename the corresponding proof mode tactics.

rename program_logic.{ownership -> wsat}. It really is about world satisfaction and invariants more than about ownership.