https://github.com/lightningnetwork/lnd/blob/master/docs/macaroons.md mentions:

> lncli also adds a caveat which makes it valid for only 60 seconds by default to help prevent replay in case the macaroon is somehow intercepted in transmission.

I think we could also do this to match the security protections of lncli. This is an enhancement request to add a time caveat when using the macaroon.

Suggested way to implement this:

```python
from pymacaroons import Macaroon  # assumed: the pymacaroons library, which provides this API

m = Macaroon.deserialize(original_macaroon)  # original_macaroon: the serialized macaroon string
m.add_first_party_caveat('X=Y')  # 'X=Y' stands for the time-before constraint described below
m.serialize()  # the caveated macaroon, sent in place of the original
```
* For `'X=Y'`, generate the constraint based on the current wall time to match the behaviour of lncli's function `macaroons.TimeoutConstraint` (call is here: https://github.com/lightningnetwork/lnd/blob/158a32c4e1a472dfae446478845c0a96e67dd4f7/cmd/lncli/main.go#L117 , definition is here: https://github.com/lightningnetwork/lnd/blob/c1c4b84757dd5b1e1fcb285b4a1fa6a56b35432c/macaroons/constraints.go#L46 )
* `TimeoutConstraint` calls `TimeBeforeCaveat` in checkers (https://sourcegraph.com/github.com/go-macaroon-bakery/macaroon-bakery/-/blob/bakery/checkers/time.go#L33:20), which basically adds `"time-before=Z"` where Z is the UTC time in RFC3339Nano format (https://sourcegraph.com/github.com/go-macaroon-bakery/macaroon-bakery/-/blob/bakery/checkers/time.go#L34). For example: `"time-before=2019-01-02T15:04:05.999999999Z07:00"`
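Worked example, added here and not code from this issue, from lnd or from pymacaroons: it builds the `time-before=` caveat string the way lncli's `TimeoutConstraint` does (UTC, Go's RFC3339Nano layout, default 60 seconds ahead) and shows what a verifier does with it. Note that `2019-01-02T15:04:05.999999999Z07:00` is Go's layout string, not a literal value; an actual UTC value looks like `2024-05-01T12:00:00.123456789Z`. The macaroon itself is a minimal pure-stdlib model (identifier, caveat list, HMAC-SHA256 chain signature, which is how first-party caveats bind into a macaroon's signature) so the example runs without pymacaroons; the root key and identifier are constructed. A real client would pass the same caveat string to `Macaroon.add_first_party_caveat()`. Python datetimes only carry microseconds, so the formatter emits at most six fractional digits and the parser truncates anything finer, which only moves the deadline earlier.

```python
"""Added example (not code from the issue, lnd or pymacaroons): build the
`time-before=<RFC3339Nano UTC>` caveat that lncli's TimeoutConstraint adds,
and enforce it on the verifying side.

The macaroon here is a minimal pure-stdlib model: an identifier, a caveat list
and an HMAC-SHA256 chain signature (the first-party caveat construction), so
the example runs without pymacaroons. A real client would pass the same caveat
string to Macaroon.add_first_party_caveat().
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

TIME_BEFORE_PREFIX = "time-before="


def rfc3339nano_utc(t: datetime) -> str:
    """Format an aware UTC datetime like Go's time.RFC3339Nano: fractional
    seconds appear only when non-zero, trailing zeros are trimmed, UTC is 'Z'.
    Python datetimes carry microseconds, so at most six fractional digits appear."""
    if t.tzinfo is None or t.utcoffset() != timedelta(0):
        raise ValueError("expected an aware UTC datetime")
    out = t.strftime("%Y-%m-%dT%H:%M:%S")
    if t.microsecond:
        out += "." + f"{t.microsecond:06d}".rstrip("0")
    return out + "Z"


def timeout_caveat(now: datetime, seconds: int = 60) -> str:
    """The caveat lncli adds: the macaroon stops being valid `seconds` after
    `now` (60 s by default, per docs/macaroons.md)."""
    return TIME_BEFORE_PREFIX + rfc3339nano_utc(now + timedelta(seconds=seconds))


def parse_time_before(caveat: str) -> datetime:
    """Parse a time-before caveat back into an aware UTC datetime.
    Accepts 1..9 fractional digits as Go may emit; digits beyond the sixth are
    dropped, which only makes the deadline slightly earlier (never later)."""
    if not caveat.startswith(TIME_BEFORE_PREFIX):
        raise ValueError("not a time-before caveat")
    value = caveat[len(TIME_BEFORE_PREFIX):]
    if not value.endswith("Z"):
        raise ValueError("only UTC ('Z') timestamps are accepted")
    stamp = value[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S"
    if "." in stamp:
        whole, frac = stamp.split(".", 1)
        if not (frac.isascii() and frac.isdigit()) or not 1 <= len(frac) <= 9:
            raise ValueError("bad fractional seconds")
        stamp = f"{whole}.{frac[:6]}"
        fmt += ".%f"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def _chain(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: bytes) -> dict:
    """Minimal macaroon: signature = HMAC(root_key, identifier), no caveats yet."""
    return {"id": identifier, "caveats": [], "sig": _chain(root_key, identifier)}


def add_first_party_caveat(m: dict, caveat: str) -> dict:
    """Append a caveat and fold it into the signature: sig = HMAC(sig, caveat).
    Any holder can add caveats (they only ever restrict the macaroon); someone
    who only sees the final macaroon cannot strip one, because the previous
    signature is not recoverable from the new one."""
    m["caveats"].append(caveat)
    m["sig"] = _chain(m["sig"], caveat.encode())
    return m


def verify(m: dict, root_key: bytes, now: datetime) -> bool:
    """Recompute the chain from the root key and enforce every caveat.
    Fails closed on a bad signature, a malformed or unknown caveat, or expiry."""
    sig = _chain(root_key, m["id"])
    for caveat in m["caveats"]:
        if not caveat.startswith(TIME_BEFORE_PREFIX):
            return False  # this model only understands time-before
        try:
            if now >= parse_time_before(caveat):
                return False  # expired: a replayed, intercepted macaroon stops here
        except ValueError:
            return False
        sig = _chain(sig, caveat.encode())
    return hmac.compare_digest(sig, m["sig"])


if __name__ == "__main__":
    root_key = b"constructed-root-key"  # constructed; lnd keeps the real one in its database
    now = datetime.now(timezone.utc)
    m = add_first_party_caveat(mint(root_key, b"admin"), timeout_caveat(now))
    print(m["caveats"][0])
    print("valid now:", verify(m, root_key, now))
    print("valid in 61 s:", verify(m, root_key, now + timedelta(seconds=61)))
```

The caveat is checked with `now >= deadline` so the macaroon is rejected at the deadline itself, and the verifier rejects non-UTC offsets and unknown caveats rather than ignoring them, which is the fail-closed behaviour you want from an expiry check.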