Define V3 binary secret encoding

[Egge21M]

Description
Adds the general V3 binary secret envelope to NUT-00 and defines
the NUT-10 condition payload encoding for V3 secrets.

Changes:

• Defines V3 Proof.secret as raw bytes.
• Adds secret = SECRET_KIND || DATA.
• Defines 0x00 random secrets and 0x01 condition secrets.
• Adds the CBOR ConditionMap for NUT-10 spending conditions.
• Replaces legacy data with pubkeys for P2PK and hash for HTLC.
• Encodes legacy tags as dedicated integer keys, while allowing
  extension tags as string: any.

[robwoodgate]

Great work, Egge - you've captured everything we discussed really well.

I added one suggestion which was a tangential offline conversation.

[robwoodgate]

I think we were planning to make this change too for v3 secrets.

Suggested change

	For `SECRET_KIND = 0x00`, `DATA` SHOULD be 32 bytes generated by a CSPRNG.
	For `SECRET_KIND = 0x00`, `DATA` SHOULD be a random 33 byte compressed secp256k1 public key.

[Egge21M]

Can you elaborate on the usecase? Making a standard random secret 33 bytes would mean it becomes distinguishable from deterministic secrets

[robwoodgate]

"...and MUST NOT redefine the meaning of the integer keys above."

Great call!

[robwoodgate]

spot on

[robwoodgate]

I just noticed the ConditionMap excludes kind now, I know we discussed the presence of hash as being a definitive marker between P2PK and HTLC, but I wonder if we need to keep kind for future NUT-10 kinds that may cherry-pick only certain items from the ConditionMap and may look like another type to a parser.

Eg: a future NUT-10 type that uses locktime but not pubkeys might be flagged as an invalid P2PK condition, whereas it is in fact valid for that specific custom kind.