force close due to expiring htlcs - too aggressive

[ecdsa]

I recently had a channel force closed because of an expiring HTLC following a submarine swap with hold invoice. Here is what happened:

• client initiates normal swap (sends funds onchain)
• client receives HTLC, but cannot settle yet, because it does not have the preimage.
• client goes offline.
• the funding transaction gets mined and the server claims it.
• client comes back online. The HTLC is now in the "too close" time window.
• client reads the preimage from the claim tx, and settles the htlc.
• immediately after that, the client force closes, because the preimage was revealed, and the other party has not sent revack yet.

Note that the client should not fail the HTLC, because they would be losing money at this point.

A possible fix is to record when the HTLC was settled, and give some time to the peer to send revack. Unfortunately, this probably requires a db upgrade, because we would need to store the timestamp of the update_fulfill_htlc message.

[ecdsa]

Fixed without db upgrade. I guess that should be fine in most situations.

[SomberNight]

https://github.com/spesmilo/electrum/commit/98f9f295cfd5f8574ef4732de71274510c3f153d looks good