makeContractGovernorKit is missing input validation

[gibson042]

Describe the bug

makeContractGovernorKit is defined with ContractGovernorKitI, which requires that facet creator method getCreatorFacet returns a remotable, and likewise for methods getAdminFacet and getPublicFacet. But its initializer just accepts (startedInstanceKit, limitedCreatorFacet) and populates state like { ...startedInstanceKit, limitedCreatorFacet, … }, which means that the values those methods attempt to return might not actually be remotables. The interface guards will produce errors in that case, but there is no indication of a problem until that time, which is potentially far removed from the problem with initial creation.

To Reproduce

This problem already exists within our tests:

1. governedContract.js returns makeGovernorFacet({}, { governanceApi }) as its creatorFacet.
2. makeGovernorFacet(originalCreatorFacet, governedApis = {}) wraps makeFarGovernorFacet to return a "governorFacet" Far object whose getLimitedCreatorFacet method returns the input originalCreatorFacet, which for this test is an empty CopyRecord.
3. contractGovernor.js starts the governed contract (which for this test is governedContract.js) to get startedInstanceKit, calls getLimitedCreatorFacet() on startedInstanceKit.creatorFacet to get a limitedCreatorFacet (which for this test is that empty CopyRecord), and passes both on to makeContractGovernorKit(startedInstanceKit, limitedCreatorFacet).
4. The tests that start governed instances of governedContract.js don't call getCreatorFacet(), but any attempt to do so would result in an error.

Expected behavior

Because makeContractGovernorKit interface guards constrain methods that return values from original input, those values should be validated at creation time in the makeContractGovernorKit initializer.