Validate hd public keys when creating accounts

[braydonf]

Validates extended public keys (e.g. xpub) during account creation for watch-only wallets:

1. That the accountKey (extended public key) is at the correct depth, the account depth.
2. That the accountKey is at the expected BIP44 account index, to avoid issues as described in wallet: add "accountPath" attribute to handle edges cases with watch-only accountKeys #689 and Wallet: support import of x/y/zpubkey (BIP49 and BIP84) #616 with the account index being unknown and mismatching.
3. That the accountKey shares the same master key (skipped for now), as to avoid collisions of the BIP44 account index and further mismatches of the signing keys.
4. That the accountKey matches the wallet derivation scheme (skipped for now), for example BIP44, BIP45, BIP49, or BIP84.

[codecov-io]

Codecov Report

Merging #696 into master will decrease coverage by 0.07%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #696      +/-   ##
==========================================
- Coverage    62.1%   62.02%   -0.08%     
==========================================
  Files         147      147              
  Lines       25379    25381       +2     
==========================================
- Hits        15762    15743      -19     
- Misses       9617     9638      +21

Impacted Files	Coverage Δ
lib/wallet/wallet.js	67.57% <100%> (+0.08%)	⬆️
lib/mempool/fees.js	54.59% <0%> (-6.57%)	⬇️
lib/hd/private.js	68.28% <0%> (+0.44%)	⬆️
lib/hd/common.js	88.88% <0%> (+6.66%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0551096...6b6565f. Read the comment docs.

[pinheadmz]

If we're testing collisions maybe the error should say "key already exists at index..."

[braydonf]

It's testing if the key is derived from the same parent. The collision of the accountDepth is one of the potential issues of mismatching.

[braydonf]

The other issue is that if account 0, 1, 2 are from key-a, and account 3 is from key-b, it's a mismatch issue again, and an attempt to sign account 3 with key-a would fail.

[braydonf]

The parentFingerPrint can be used to validate that the accounts all derived from the same key to avoid those issues.

[tynes]

I'm almost certain this will break existing infrastructure built on bcoin

[braydonf]

Any existing watch-only usage that:

• Uses 1 wallet with more than 1 hd tree can be migrated to use 1 wallet to 1 hd tree. This will avoid confusion about which master key to derive keys from, account index collision issues, and limit gaps between accounts.
• Have accounts with gaps > 1 can be archived with all the possible private keys and addresses generated. A new hd tree generated and be used.
• Have a subset of the entire account space (gaps), and no actual gaps between accounts, can include the entire account space as to verify and avoid any future issues with gaps.

This gives the benefit that the mnemonic seed phrase is the only data needed to backup for recovery of coins. Otherwise the account space, which is often updated, becomes necessary to backup similarly.

[braydonf]

I've separated out the issue about gaps between accounts: #698