PrivValidator follow up

[ebuchman]

• types/priv_validator package #1203 has been merged but please follow up on Anton's review re pvsc.Stop(), panic, and sign_bytes
• Tendermint is dialing the signer, but we need the signer to dial Tendermint. Perhaps we can have the SocketClient take a conn directly to avoid the confusion around a client doing the listening (the ADR did not specify this well, my bad - see PrivValidatorAddr -> PrivValidatorListenAddr. Update ADR008 #1256 for a start)
• Some more review follow up from Invert privVal socket communication #1286 (review)
• priv_val_server needs to be updated
• authenticate against ID@host:port in the RemoteSigner, check that id matches configured
• Persist PrivKey the SocketClient uses for external signers to authenticate properly
• full integration and deprecate the old PrivValidator

[xla]

added TODO

[tarcieri]

If it's too much work for the signing service to connect to Tendermint, we can go back to the original plan of having Tendermint call out to the signer.

Having the signer connect rather than listen is a little bit of defense-in-depth, but so long as both sides are mutually authenticating each other, they should be equivalent from a security perspective, barring some sort of pre-auth vulnerability in the signing service.

[xla]

@tarcieri See #1286 we going to stick to the original plan and have the signer(s) connect to Tendermint.

[tarcieri]

@xla great!