Gossip over "paid" connection

[yyforyongyu]

As of today, once the init message has been sent, any node in the network can send/receive gossip messages for "free". A malicious node can connect to hundreds or thousands of nodes, making them send legitimate channel updates, or flooding them with fake ones. This isn't a serious DoS attack imo, but it can be better mitigated if we restrict gossiping over "paid" connections, i.e., we only allow channel updates to be sent to or received from peers that we have channels open with.

This means once the noise connection is established, the only allowed messages are setup messages like init or warning/error, control messages like ping/pong, and channel establishment v1/v2 messages. Gossip can only happen once the channel is established.

The basic idea is to stop treating each node's resource as free, and #1196 shares the same idea.

[TheBlueMatt]

This isn't a BOLT issue, but rather something nodes can do today if they want. You can't stop someone from sending you packets if they have your IP, the only thing you can do is ignore these messages, which you're totally free to do under the BOLTs (in fact we already have a scheme to tell peers whether you want messages, and if they send you crap you didn't ask for, you probably should ignore it!).