Derive channel keys from the channel funding pubkey

[sstone]

This PR changes how we compute channel keys:

• Each new channel is assigned a random BIP32 "funding key" path, which can be used to compute its funding privkey/pubkey pair.
• All channel secrets/private keys are derived from a BIP32 path that can be deterministically computed from the channel's funding pubkey.

User funds can now be recovered from their seed, without using backups (we could say that "we use the bitcoin blockchain to backup channels").
If a user loses their channel backup but still has their BIP32 seed, they can use DLP to request peers they have active channels with to publish their current commitment transaction, extract their funding pubkey from its witness, re-compute their to-remote key and spend their output.

Compatibility with older versions of eclair is achieved by adding a version field to LocalParams using the same pattern as for channel versions (since legacy LocalParams also starts with a public key). It has been tested with the following scenarios:

• new nodes can create and use channels with legacy nodes
• legacy nodes can be upgraded. Channels created before the upgrade will have their LocalParam.version field set to 0, and new channels will have their LocalParam.version field set to 1.

For users, it means that this feature will only be available for new channels, they still need their backup data to recover legacy channels (note: for recovering channels with peers that support DLP, any backup will do and not just the last one)

[codecov-io]

Codecov Report

Merging #1093 into master will increase coverage by 0.18%.
The diff coverage is 97.47%.

@@            Coverage Diff             @@
##           master    #1093      +/-   ##
==========================================
+ Coverage   82.67%   82.85%   +0.18%     
==========================================
  Files         101      102       +1     
  Lines        7653     7707      +54     
  Branches      312      316       +4     
==========================================
+ Hits         6327     6386      +59     
+ Misses       1326     1321       -5

Impacted Files	Coverage Δ
...ain/scala/fr/acinq/eclair/wire/ChannelCodecs.scala	100% <100%> (ø)	⬆️
...c/main/scala/fr/acinq/eclair/channel/Helpers.scala	94.64% <100%> (+0.18%)	⬆️
...main/scala/fr/acinq/eclair/crypto/KeyManager.scala	100% <100%> (ø)
...n/scala/fr/acinq/eclair/channel/ChannelTypes.scala	100% <100%> (ø)	⬆️
...scala/fr/acinq/eclair/crypto/LocalKeyManager.scala	86.84% <100%> (-2.64%)	⬇️
...-core/src/main/scala/fr/acinq/eclair/io/Peer.scala	75.46% <100%> (+0.53%)	⬆️
...in/scala/fr/acinq/eclair/channel/Commitments.scala	87.4% <100%> (+0.38%)	⬆️
...c/main/scala/fr/acinq/eclair/channel/Channel.scala	84.44% <93.33%> (+0.24%)	⬆️
... and 4 more

[SomberNight]

User funds can now be recovered from their seed, without using backups (we could say that "we use the bitcoin blockchain to backup channels").
If a user loses their channel backup but still has their BIP32 seed, they can use DLP to request peers they have active channels with to publish their current commitment transaction, extract their funding pubkey from its witness, re-compute their to-remote key and spend their output.

To be clear, you assume that the user performing disaster-recovery

• has their BIP32 seed
• knows which peer (e.g. 33 byte node id) they had what channel (e.g. 8 byte short channel id) with
• the node (peer) is online and reachable
• the channel had DLP enabled

right?

[sstone]

Not necessarily, just knowing your seed helps a lot: If commitment transactions have already been published, all you need to to is scan the blockchain for txs that spend a 2-of-2 p2wsh multisig, extract pubkeys, and check if you can spend its to-remote output. This may be enough in many cases, as your peers will eventually close channels that are never used anymore and where they have funds locked in, even if they don't support DLP.

Also, if you've funded channels it's very easy to re-compute their channel ids, just look at transactions coming out of your bitcoin wallet. If channels are public you can then find which node you were connected to

And in most cases users open channels to very few nodes and should be able to guess which ones