accounts: tighten macaroon permissions to reflect allowed calls

[guggero]

Currently, when creating an account, the permissions assigned to the macaroon that is created for the account are:

                "info:read",
                "invoices:read",
                "invoices:write",
                "offchain:read",
                "offchain:write",
                "onchain:read",
                "peers:read"

But this is a superset of the calls that are actually allowed to be made with an account restricted macaroon, which leads to incorrect permissions being reported when using the wasmClientHasPerms call in LNC.

The actual list of calls that should be allowed is (see https://github.com/lightninglabs/lightning-terminal/blob/master/accounts/checkers.go#L111):

/lnrpc.Lightning/AddInvoice
/lnrpc.Lightning/ListInvoices
/lnrpc.Lightning/LookupInvoice
/lnrpc.Lightning/SendPayment
/lnrpc.Lightning/SendPaymentSync
/routerrpc.Router/SendPaymentV2
/lnrpc.Lightning/SendToRoute
/lnrpc.Lightning/SendToRouteSync
/routerrpc.Router/SendToRouteV2
/lnrpc.Lightning/DecodePayReq
/lnrpc.Lightning/ListPayments
/routerrpc.Router/TrackPaymentV2
/lnrpc.Lightning/PendingChannels
/lnrpc.Lightning/ListChannels
/lnrpc.Lightning/ClosedChannels
/lnrpc.Lightning/ChannelBalance
/lnrpc.Lightning/WalletBalance
/lnrpc.Lightning/GetTransactions
/lnrpc.Lightning/ListPeers
/lnrpc.Lightning/GetInfo
/lnrpc.Lightning/GetNodeInfo

[levmi]

@itsrachelfish assigning you to this one as you're the most familiar with this area of the code base! Thanks!

[kaloudis]

I don't think /lnrpc.Lightning/ListChannels should be on the list because even though the call returns, it's always an empty. It's more useful for people integrating to just have this return as false so they can know to no show any channels-related UI.

[guggero]

I don't think /lnrpc.Lightning/ListChannels should be on the list because even though the call returns, it's always an empty. It's more useful for people integrating to just have this return as false so they can know to no show any channels-related UI.

Sounds good! When I originally built this, I used Zap as the UI to test it. And that just made the call, as it didn't have any capability of detecting permissions.