Implement state binding for cryptography

[elagergren-spideroak]

@mooreoak wrote

There is an possible attack that looks as fallows:

Given the network graph syncing: A <-> C <-> B. But a different topology for Fast channels: A <-> B and B <-> C. It could be the case that C used to have access to some class of data but lost it while A and B still maintain that access. C can prevent B from learning of the removal of C's access; but in this case B can still receive controlled information from A and then B could pass it on to C not knowing about the revocation of access.

In this way C could maintain access to the privileged information.

To fix this we could allow for an API to mix in information from the factDB in to keys used for fast channels. This way if B was too out of date from A it could not decrypt data from A and therefor not be able to pass it to C. This approach for binding authority state into key agreement would be useful anytime we want to move data off graph.

I think this API should be driven by policy and not hard coded to something like "you must have the head I have to talk with me" as that might require a graph sync before every data plane message. (Thou that is good is some cases)