Move the check logic of user-shielding-key-set into pallet

[Kailai-Wang]

Context

Imagine a user calls create_identity without setting up the shielding key, F/E will get the error "InvallidUserShieldingKey", but the identities are already created in the sidechain

This is because we execute the pallet logic first and don't check the shielding key until we want to send back the result later:

litentry-parachain/tee-worker/app-libs/stf/src/trusted_call.rs

Lines 488 to 498 in a6b7e2e

	match Self::create_identity_runtime(
	enclave_account,
	who.clone(),
	identity.clone(),
	metadata,
	bn,
	parent_ss58_prefix,
	) {
	Ok(code) => {
	debug!("create_identity_runtime {} OK", account_id_to_string(&who));
	if let Some(key) = IdentityManagement::user_shielding_keys(&who) {

This is obviously incorrect. We should move the shielding key check either into the pallet or before the pallet call. I prefer the former solution.

related:

• Double-check the consistency of STF execution status #1223 (this is a state mismatch)
• Check sidechain storage value in ts-test #1250 (ts-test should also check the actual storage of the sidechain)

---

✔️ Please set appropriate labels and assignees if applicable.