Clarify onionmessage decryption

[rustyrussell]

I recently re-implemented this to get our code production ready, and I found the spec unclear and even misleading. This series seeks to rework it to be clearer and more coherent.

Most pointedly, it's now clear that blinding applies to the onion, not the internal encrypted blob: the spec was confused about this at various points. The onion decoding is now specified exactly, and is general. The old references to "realms" (from legacy onions) is removed.

[rustyrussell]

OK, so I rolled in Thomas' feedback, which lead me to think that we should simply avoid calling the point "blinding" (as that's not all it's used for). Example commit which changes it to "path_key" at the end?

I think this is clearer. WDYT?

[t-bast]

I think that one of the things that makes this PR hard to review is that https://github.com/lightning/bolts/pull/1179/commits/5983830c81782a2f5454e23961ddbf0a68c0cbb5 and https://github.com/lightning/bolts/pull/1179/commits/570f6fa69eeea9add90167fc67d1d00c5edc5059 are unrelated to route blinding and could be extracted to its own PR. It's easier to review on its own and we should reach agreement quickly on it and merge it as a first step.

[rustyrussell]

I think that one of the things that makes this PR hard to review is that 5983830 and 570f6fa are unrelated to route blinding and could be extracted to its own PR. It's easier to review on its own and we should reach agreement quickly on it and merge it as a first step.

Agreed. It's only when I started editing I found these.

I will open a new PR for those, then rebase on that.