Refactor/wallet generic signer

[OBorce]

• add a generic signer provider for creating a software or a hardware signer
• make account key chain generic to allow using it with and without a VRF keychain
• add an implementation for the trezor signer
• copy auto generated trezor client to communicate with a connected trezor device
• add new hardware-wallet option when creating and opening a wallet in the CLI and RPC wallet commands

[azarovh]

why cold mode? I thought that's the whole point that hardware wallet is both convenient and secure.

[azarovh]

let's make it an error? Not sure if there is a use case for Trezor + Cold

[azarovh]

it also conflicts with whether_to_store_seed_phrase

[OBorce]

whether_to_store_seed_phrase was a required parameter I am not sure if we should break backwards compatibility or not, that is why I left it alone, and just check that it is set to false.

[azarovh]

Should thenwhether_to_store_seed_phrase be marked with required_unless_present("hardware_wallet") or something like that? So people won't have to type it every time for hardware.

[ImplOfAnImpl]

it also conflicts with whether_to_store_seed_phrase

I guess this comment is still relevant.

Also, I suggest updating descriptions for all options that don't work with "--hardware_wallet" so that they explicitly mention this.

[azarovh]

there also should be a case for spending Htlc utxo with a secret

[azarovh]

1. There should be some negative cases: where trezor failed to sign inputs with unknown keys or something like that.
2. How does device become aware of private keys? I see that at the beginning of the test a key chain is created from mnemonic, but how trezor is related to that I don't understand (like initialising it with test mnemonic of something)

[azarovh]

ok I keep forgetting that this is manual test. So basically you have to recover a wallet from test mnemonic right?

[ImplOfAnImpl]

I find this somewhat scary. E.g. we're signing a raw transaction, which was created who knows when, and then here we're obtaining the pool balance which now may be different from the one that it had when the tx was created (e.g. due to a reorg). So we're basically producing potentially incorrect data and rely on it being ignored (because, as I can see, it's not used in places where this function is called).
Which makes me think that "dynamic" data, like pool balances (as opposed to "static" data, like token decimals) shouldn't be in UtxoWithAdditionalInfo.
But then it'd make sense to move the static data out of it as well, because e.g. it'd be more natural for token decimals to be stored in a single map and passed alongside PartiallySignedTransaction (or maybe it can still be a part of PartiallySignedTransaction, but not a part of individual utxos).
I wonder whether we should reconsider this whole approach with UtxoWithAdditionalInfo. @azarovh what do you think?

[azarovh]

Not sure there is a way around it because we have to display what is being signed and a tx has to have an output with specific decommissioned amount.

[OBorce]

The thing is that the same dynamic data is also used on tx creation and once you submit the tx to the node to validate the tx. So if it is wrong now it will also be wrong on submittion.

~~The only issue I see is if the user's node itself creates 2 blocks which cause a reorg. They create the tx while on the first block and then a reorg happens with the other block which can have more or less fees so the tx might be rejected if the new balance is less or silently accepted and the excess coins going to fees. ~~ actually the block id will be different and the utxo will not be the same

[ImplOfAnImpl]

1. Regarding 'Model' variants - why ignore TrezorEmulator? Also, TrezorLegacy is the Model One as I can see, so we should support it too.
2. What if multiple devices are connected? I think it's not a good idea to select one randomly. Probably the easiest solution is to refuse to proceed asking the user to leave only one device connected. But ideally we should allow to select the device.

[ImplOfAnImpl]

Some additional thoughts:

1. I don't think you ever check the device for Capability_Mintlayer. If so, we'll be getting bug reports like "nothing works", only to find out later that the user didn't install our firmware.
2. It's better to show to the user the name of the device that is being used, to avoid confusion (the label field of message Features).
3. It may even make sense to store the device name in the wallet file itself, so that when there is a mismatch, we could tell the user what device must be used with this wallet file.
   (But since the label can be changed any time, we'll probably have to update it every time after we successfully connect to the proper device).
4. We should probably also store the device_id in the wallet file, so that when we detect public keys mismatch, we can tell the user whether the device itself is wrong or the entered passphrase.
   The tricky thing is that device_id is not hardcoded in the device and instead is randomly generated on device setup. So if the user resets the device and restores the same seed phrase, the id will be different. So we'll still have to check the keys first and then if the device_id doesn't match, tell the user that the device seems to be different.

[ImplOfAnImpl]

Some minor issues:

1. The wallet file is created before a device is successfully discovered. So, if there are no connected devices, the user ends up with a useless wallet file.
2. The error dialogs in node-gui are messed up. This is the one when no device can be found:
   
   and this is when a file with the same name already exists:
   
   Btw, when I press "ok, the previous dialog is still shown and has to be closed manually:
   
   This happens for the software wallet too.
   Also, shouldn't we overwrite the existing file instead of failing? Because the user has already confirmed overwriting when selecting the file.