Add a simple test that uses how to modify the swap-in-potentiam protocol to use musig2 and taproot:
- taproot key path is used for the mutual user key + server key use case, which sends to a single musig2 aggregated key
- tapscript path is used for the refund case (user key + delay)

Add another example with taproot but not musig2 that uses 2 differents scripts (mutual case and refund case)

This message includes all outputs from the remote tx and not just the one that is included in the swap.
This is needed for Schnorr signatures.

This allows us to easily rotate swap-in addresses and generate a single generic taproot descriptor (for bitcoin core 26 and newer) that can be used to recover
swap-in funds once the refund delay has passed, assuming that:
- user and server keys are static
- user refund keys follow BIP derivation

It makes the code cleaner and we get rid of the secret nonces map.
These nonces are replaced with dummy values whenever this classes are serialized, which is safe since they're never reused for signing txs.

Instead of sending an explicit serialId -> nonce map, we send a list of public nonces ordered by serial id.
This matches how signatures are sent in TxSignatures.

The semantics of the secret nonce field added to tx inputs were wrong, these nonces are transient and should be tied to the lifecycle
of the interactive tx session, this is much more explicit now.

It now provides different types for individual and aggregated musig2 nonces.

- add a pubkey script to the SharedInput() class (we don't need the full TxOut which we can recreate)
- remove aggregate nonce check ins FullySignedTx: code already handles transactions that are not properly signed
- generate musig2 nonces when we send TxAddInput

They use taproot v1, providing the tx output and not the entire tx is safe (see #579).
Here we add the swap-in input output and txout to the swap-in TLV, so this change does not interface with proposed changes to the LN spec.

This reverts commit c0a6d5a.

We use the musig2 helpers exposed by ACINQ/bitcoin-kmp#114
to simplify the swap-in protocol and hide all of the musig2 internal
details (key aggregation cache, control block, internal taproot key,
opaque session object, nonce aggregation).

The code is simpler to reason about and signing is more similar to
signing normal single-sig inputs.

They were disabled when we experimented with not sending the full tx.

The current recovery process needed to be updated to derive the correct master priv key from the seed by specifying our
custom BIP32 path (m/52h/0h/2h/0) when we create the wallet.

We also export 2 descriptor methods: one to get the private swap-in wallet descriptor, which can be used as-is, and the other to get the
public swap-in wallet descriptor, which can be used to create a watch-only wallet to monitor swap-in funds and to recovery funds using our recovery procedure.

Both descriptor use the refund master key, and not the master key itself because we use hardened paths to derive the refund key, which means that it is not
possible to compute the refund master public key from the master public: importing the descriptor would fail.

Co-authored-by: Bastien Teinturier <[email protected]>