Correctly handle BADONION onion errors

[TheBlueMatt]

Currently we entirely ignore the BADONION bit when deciding how to handle HTLC failures. This opens us up to an attack where a malicious node always fails HTLCs backwards via
update_fail_malformed_htlc with an error code of BADONION|NODE|PERM|X. In this case, we may decide to interpret this as a permanent node failure for the node encrypting the onion, i.e. the counterparty of the node who sent the
update_fail_malformed_htlc message and ultimately failed the HTLC.

Thus, any node we route through could cause us to fully remove its counterparty from our network graph. Luckily we do not do any persistent tracking of removed nodes, and thus will re-add the removed node once it is re-announced or on restart, however we are likely to add such persistent tracking (at least in-memory) in the future.

This probably needs test updates.

[codecov-commenter]

Codecov Report

Merging #1703 (befbfe9) into main (301efc8) will increase coverage by 0.75%.
The diff coverage is 96.00%.

❗ Current head befbfe9 differs from pull request most recent head e6a3c23. Consider uploading reports for the commit e6a3c23 to get more accurate results

@@            Coverage Diff             @@
##             main    #1703      +/-   ##
==========================================
+ Coverage   90.92%   91.67%   +0.75%     
==========================================
  Files          86       86              
  Lines       46417    52678    +6261     
  Branches    46417    52678    +6261     
==========================================
+ Hits        42204    48294    +6090     
- Misses       4213     4384     +171     

Impacted Files	Coverage Δ
lightning/src/ln/functional_tests.rs	97.79% <95.65%> (+0.67%)	⬆️
lightning/src/ln/onion_utils.rs	94.91% <100.00%> (+0.03%)	⬆️
lightning/src/util/events.rs	36.49% <0.00%> (-3.01%)	⬇️
lightning/src/chain/onchaintx.rs	93.79% <0.00%> (-1.15%)	⬇️
lightning/src/ln/priv_short_conf_tests.rs	96.66% <0.00%> (-0.18%)	⬇️
lightning/src/ln/payment_tests.rs	98.82% <0.00%> (-0.08%)	⬇️
lightning/src/ln/features.rs	99.46% <0.00%> (-0.01%)	⬇️
lightning/src/onion_message/messenger.rs	90.90% <0.00%> (+1.40%)	⬆️
lightning/src/util/wakers.rs	88.28% <0.00%> (+1.57%)	⬆️
... and 9 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[dunxen]

I don't think the tests will be too tricky after checking this out. I'll begin work on them.

[dunxen]

I don't think the tests will be too tricky after checking this out. I'll begin work on them.

Should have something up today. Will open against your branch.

[TheBlueMatt]

Thanks @dunxen! Added your test.

[dunxen]

onion_utils change makes sense and LGTM. Obviously just need more eyes on the test :)

[wpaulino]

LGTM after squash.

[TheBlueMatt]

Squashed without further changes.