onchaind: Adjust witness weight estimate to be more conservative

We were missing the OP_PUSH for the pubkeys, and the spec mentions we
should be using 73 bytes to estimate the witness weight. Effectively
this adds 4 bytes which really just matters in case fees hit the
floor, and computing the weight becomes important.

Changelog-Fixed: onchaind: Witness weight estimations could be slightly lower than the VLS signer

bitcoin/test/run-tx-bitcoin_tx_2of2_input_witness_weight.c

@@ -145,6 +145,14 @@ int main(int argc, const char *argv[])
 
 	/* 1 byte for num witnesses, one per witness element */
 	weight = 1;
+
+	/* Two signatures, slightly overestimated to be 73 bytes each,
+	 * while the actual witness will often be smaller.*/
+        /* BOLT #03:
+         * Signatures are 73 bytes long (the maximum length).
+         */
+	weight += 2 + 2;
+
 	for (size_t i = 0; i < tal_count(wit); i++)
 		weight += 1 + tal_bytelen(wit[i]);
 	assert(bitcoin_tx_2of2_input_witness_weight() == weight);

bitcoin/tx.c

@@ -886,13 +886,16 @@ size_t bitcoin_tx_simple_input_weight(bool p2sh)
 
 size_t bitcoin_tx_2of2_input_witness_weight(void)
 {
+        /* BOLT #03:
+         * Signatures are 73 bytes long (the maximum length).
+         */
 	return 1 + /* Prefix: 4 elements to push on stack */
 		(1 + 0) + /* [0]: witness-marker-and-flag */
-		(1 + 72) + /* [1] Party A signature and length prefix */
-		(1 + 72) + /* [2] Party B signature and length prefix */
+		(1 + 73) + /* [1] Party A signature and length prefix */
+		(1 + 73) + /* [2] Party B signature and length prefix */
 		(1 + 1 + /* [3] length prefix and numpushes (2) */
-		 33 + /* pubkey A (missing prefix) */
-		 33 + /* pubkey B (missing prefix) */
+		 1 + 33 + /* pubkey A (with prefix) */
+		 1 + 33 + /* pubkey B (with prefix) */
 		 1 + 1 /* num sigs required and checkmultisig */
 		);
 }