SEP-0010: Add requirement that operation account IDs be KEY_TYPE_ED25519 (CAP-27)

[leighmcculloch]

CAP-27 is replacing AccountID with MuxedAccount which will contain either the existing KEY_TYPE_ED25519 or a new type of account ID KEY_TYPE_MUXED_ED25519.

When this is implemented in SDKs calling .Address() on a muxed account will still return the same value as if the account was not muxed, and as such a SEP-10 server that updates to an SDK using the new XDR might unwittingly issue a JWT for an non-muxed account even though the challenge transaction contains a muxed account.

I propose we add a small statement to SEP-10 now, or when CAP-27 is accepted for implementation, that indicates an implementer should verify that the source account on the transaction and operations contain an account ID of type KEY_TYPE_ED25519.

This change would need to be implemented in every SDK supporting SEP-10 at the same time as the addition of the new XDR introduced by CAP-27.

This will prevent muxed accounts from being used with SEP-10 and give us time to learn and figured out how muxed accounts should work with SEP-10.

cc @stanford-scs @ire-and-curses @stellar/horizon-committers

[github-actions]

This issue is stale because it has been open for 30 days with no activity. It will be closed in 5 days unless the stale label is removed, or a comment is posted.