payjoin / rust-payjoin

Supercharged payment batching to save you fees and preserve your privacy
https://payjoindevkit.org

Make Session Initialization Implicit #364

Closed DanGould closed 1 month ago

DanGould commented 1 month ago

Close #363

A session is now initialized by generating keys and sharing them out of band.

A POST request pushes data to a subdirectory, by convention defined as the receiver's public key. GET requests attempt to fetch data. For the sender, this means they poll GET requests instead of POST requests so bandwidth use is reduced.

Payjoin v1 backwards compatibility is supported by adding v1 aware handlers, one for POST requests directly at the relay, since v1 is unaware of OHTTP, and a PUT handler on the subdirectory's OHTTP endpoint that saves the updated Payjoin PSBT to another Redis column. The v1 POST handler is waiting on an update to that column to respond to the v1 sender before the request times out.

Lastly, Message A is now encrypted with an ephemeral "encapsulation key" so that the sender's "reply key," used to identify the sender subdirectory where Message B is stored, is encrypted inside Message A's ciphertext in order to prevent the Payjoin Directory from finding it. This prevents the Payjoin Directory from being able to relate the sender and receiver subdirectories by searching for the subdirectory-identifying "reply key" in Message A's associated data. All they'll find is the ephemeral key that has no relation to the subdirectory id.
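
The linkability point in the description above, as an added example that is not part of the pull request or of rust-payjoin's code: a model of what the Payjoin Directory can read under the two Message A layouts, and the search it could run to relate subdirectories. All type and function names are hypothetical, the key and PSBT bytes are constructed, and `toy_seal` is a stand-in for the real encryption.

```rust
// Added illustration: all names are hypothetical, not rust-payjoin's API.
// Models what the Payjoin Directory can read: a blob's subdirectory id, its
// cleartext associated data, and its opaque ciphertext.
pub struct Stored { pub subdir: Vec<u8>, pub aad: Vec<u8>, pub ciphertext: Vec<u8> }

/// Stand-in for the real encryption (assumption): repeating-key XOR, only so the
/// payload is opaque to the directory in this model. It provides no security.
fn toy_seal(secret: &[u8], plaintext: &[u8]) -> Vec<u8> {
    plaintext.iter().zip(secret.iter().cycle()).map(|(p, k)| p ^ k).collect()
}

fn contains(haystack: &[u8], needle: &[u8]) -> bool {
    !needle.is_empty() && haystack.windows(needle.len()).any(|w| w == needle)
}

/// Layout being replaced: the reply key sits in Message A's associated data.
pub fn message_a_key_in_aad(receiver: &[u8], reply_key: &[u8], secret: &[u8], psbt: &[u8]) -> Stored {
    Stored { subdir: receiver.to_vec(), aad: reply_key.to_vec(), ciphertext: toy_seal(secret, psbt) }
}

/// Layout described above: the associated data carries an unrelated ephemeral key
/// and the reply key is sealed inside the ciphertext.
pub fn message_a_key_sealed(receiver: &[u8], ephemeral: &[u8], reply_key: &[u8], secret: &[u8], psbt: &[u8]) -> Stored {
    let inner = [reply_key, psbt].concat();
    Stored { subdir: receiver.to_vec(), aad: ephemeral.to_vec(), ciphertext: toy_seal(secret, &inner) }
}

/// The directory's linking attempt: report (storing subdirectory, referenced
/// subdirectory) whenever another known subdirectory id appears in bytes it can read.
pub fn link_subdirectories(store: &[Stored], known: &[Vec<u8>]) -> Vec<(Vec<u8>, Vec<u8>)> {
    let mut links = Vec::new();
    for blob in store {
        for id in known.iter().filter(|id| **id != blob.subdir) {
            if contains(&blob.aad, id) || contains(&blob.ciphertext, id) {
                links.push((blob.subdir.clone(), id.clone()));
            }
        }
    }
    links
}

/// Constructed sample values; returns the link count for (old layout, new layout).
pub fn demo() -> (usize, usize) {
    let (receiver, reply_key, ephemeral) = (vec![0x02u8; 33], vec![0x03u8; 33], vec![0x04u8; 33]);
    let (secret, psbt) = ([0x5au8; 32], b"constructed-psbt-bytes");
    let known = vec![receiver.clone(), reply_key.clone()];
    let old = [message_a_key_in_aad(&receiver, &reply_key, &secret, psbt)];
    let new = [message_a_key_sealed(&receiver, &ephemeral, &reply_key, &secret, psbt)];
    (link_subdirectories(&old, &known).len(), link_subdirectories(&new, &known).len())
}

fn main() { println!("links found (old, new): {:?}", demo()); }
```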

nothingmuch commented 1 month ago

oh, one more thing: maybe consider renaming ActiveSession to Session because the distinction is now meaningless

DanGould commented 1 month ago

> oh, one more thing: maybe consider renaming ActiveSession to Session because the distinction is now meaningless

Perhaps even just Receiver to map against the Sender

DanGould commented 1 month ago

The tests appear to be flakier than they were before, getting "Ohttp relay is long running" from the ohttp_relay shut down before the test completes on occasion 🤔

DanGould commented 1 month ago

After 9f5a170 this should close #371 in implementation. We'll have to add the details to BIP77 but I think assuming this passes review it should be ready to merge.

DanGould commented 1 month ago

rebased