Document general attacks on privacy and security

[ariard]

We should add a SECURITY.md exposing all privacy/security issues while implementing a lightning client and requirement to mitigate them.

To mention:

• payment_secret secure randomness
• broadcasting interface privacy leaks (end-goal is to internalize it but right now it's up to the user)
• ChainWatchInterface and chain backend security tradeoffs
• utxo pool size/population when CPFP
• channel parameters value (congestion, dust inflation)
• watchtower integration
• key interface and key management
• ChannelMonitor consistency and storage

[ariard]

"Clients SHOULD sanitize network graph from semi-trusted parties". See #646 (comment)

[ariard]

"Clients SHOULD minimize headers download". See #791 (comment).

[TheBlueMatt]

Hmm, your link didn't work - which comment was that in reference to?

[ariard]

This #791 (comment)