Stateless remote mode: Adds passing in macaroon and tls data, and a CheckMacaroonPermissions RPC

[orbitalturtle]

For Terminal's stateless-remote mode, as described in lightninglabs/lightning-terminal#160, we add a few changes in this PR:

• Adds new configuration options to the lndclient, for passing in macaroon data and tls data directly in stateless remote mode.
• Also adds these features to the "basic client." For stateless-remote, the Pool server uses the basic client for connecting to LND.
• Adds a wrapper for the CheckMacaroonPermissions RPC in LND for checking the validity of a Macaroon, so that we can use it to check validity in the Lightning Terminal. (Will open a separate PR into LND for this soon.)

Relies on:
lightningnetwork/lnd#5304

[guggero]

Thank you very much for the PR (and the one in lnd)!

I did a first quick pass and it looks really good. Going to look at the lnd PR next.

Just one main thing that needs to be changed:
Since this PR requires functionality that isn't yet even merged to lnd, we won't be able to merge it for a while. It'll be merged to a branch lnd-14-0 once we start working on that. For now, can you please open this against the lnd-13-0 branch? That way you also get a new type for the MacaroonPermission. You can edit the base of your PR by clicking the edit button of the title. A new drop down then appears where you can switch from master to lnd-13-0.

[orbitalturtle]

Thanks for the initial review @guggero! Will get to these changes soon

[orbitalturtle]

I made those changes @guggero :)

[guggero]

Thanks for the rebase! Just a few more minor things, this PR is getting very close.

[orbitalturtle]

Thanks @guggero! Made those changes

[carlaKC]

Thanks for the PR!

Great addition, and nice to have some test coverage :)

[carlaKC]

Looking good!

Once the lnd version here is updated and the dependent loop PR points to this I'll test some of these options out.

[orbitalturtle]

Made those changes @carlaKC ! FYI I also made a few small additional changes, since we're moving in a new direction for integrated mode in the Terminal (described here lightninglabs/lightning-terminal#160 (comment)). In short, needed to allow the option for passing in no tls creds, so I added another boolean parameter in GetTLSCredentials to enable that option.

[guggero]

Almost there, just a few more minor things. Great work pushing forward on this quite respectable chain of dependent PRs 👏

[carlaKC]

Looking good! Just need to bump deps to master to get around that kvdb issue.

I think we can bump lightninglabs/loop/pull/406 to depend on this version of lndclient just to test out everything works as expected then merge.

[guggero]

LGTM 🎉

[guggero]

The linter is complaining:

lnd_services.go:805: G402: TLS InsecureSkipVerify set true. (gosec)
			InsecureSkipVerify: true,

Probably needs a // nolint:gosec comment on that line.

[orbitalturtle]

@guggero made that linter change!

@carlaKC Looks like i was wrong about that loop PR requiring this lndclient change ~ will be submitting a terminal change soon that requires it though

[Roasbeef]

Drive by comment, but rather than breaking the interface here, this should've just used a BasicClientOption as that's how the API is intended to evolve.

IMO we should likely follow this path, as otherwise updating will break every user of NewBasicConn as is.