multi: update signing RPCs to expose new tapscript+taproot sig types

[Roasbeef]

Before taproot, there're two main signatures types for Bitcoin: pre-segwit, and segwit. They primarily differ in the way the sighash is computed.

Post-taproot we add two additional types: taproot key spend and tapscript leaf spend. Unlike the prior two signatures types, these are both schnorr only. The key spend sig type is used when we're spending from a regular top-level taproot output, and uses a new sighash type. The tapscript type is used when we're spending a leaf in the taproot tree. For the tapscript spend type, a valid witness also needs to include a merkle proof that the script being signed is actually a part of the tree. Note that the proof itself isn't signed, so if there're duplicate scripts in the tree, then it may be possible to use the sigs in a somewhat floating manner.

Aside from the new sighash types, we'll need to update internal data structures and RPC requersts to reflect the fact that taproot signatures can be 64 or 65 byte (64 byte sigs use an implicit sighash type of 0), and also that the schnorr public keys are always 32 bytes.

Steps to Completion

• Update the SignDescriptor used as a part of ComputeInputScript and SignOutputRaw abstract away from the existing single sighash field in favor of a multi-level (?) structure where the sig type is specified, then the sighash. The two sig types here are taproot vs tapscript.
  • Alternatively, we can minimize breaking changes here and just add another field for the sig type.
• Update the SignDescriptor to specify a field for complete set of input values associated with the transaction. Unlike segwitv0, the taproot sighash also includes the input value information for all the inputs when sighash_all is used.
• Update ComputeInputScript to support basic taproot key spend paths. It'll use all the additional fields created above, but create the new witness which is just the raw signature. Signing for this case should assume usage of BIP 86
  • In cases where BIP 86 may not be used, we should also optionally accept the taproot script root as well.

[Roasbeef]

Related PR: btcsuite/btcd#1787

[Roasbeef]

Related PR: btcsuite/btcwallet#792

[guggero]

Alternatively, we can minimize breaking changes here and just add another field for the sig type.

Not sure if I'm missing something here. But can't we just look at the pkScript of the output we're signing to determine the type of the signature? If it's a p2tr script, we're only supposed to be using Schnorr signatures. If it's a p2wpkh or p2wsh script, we use a legacy ECDSA signature.