channeld: Track the funding depth while awaiting lockin

We used to agree up on the `minimum_depth` with the peer, thus when
they told us that the funding locked we'd be sure we either have a
scid or we'd trigger the state transition when we do. However if we
had a scid, and we got a funding_locked we'd trust them not to have
sent it early. Now we explicitly track the depth in the channel while
waiting for the funding to confirm.

Changelog-Fixed: channeld: Enforce our own `minimum_depth` beyond just confirming

lightningd/channel.c

@@ -430,6 +430,7 @@ struct channel *new_channel(struct peer *peer, u64 dbid,
 	channel->channel_flags = channel_flags;
 	channel->our_config = *our_config;
 	channel->minimum_depth = minimum_depth;
+	channel->depth = 0;
 	channel->next_index[LOCAL] = next_index_local;
 	channel->next_index[REMOTE] = next_index_remote;
 	channel->next_htlc_id = next_htlc_id;

lightningd/channel.h

@@ -119,6 +119,12 @@ struct channel {
 	/* Minimum funding depth (specified by us if they fund). */
 	u32 minimum_depth;
 
+	/* Depth of the funding TX as reported by the txout
+	 * watch. Only used while we're in state
+	 * CHANNELD_AWAITING_LOCKING, afterwards the watches do not
+	 * trigger anymore. */
+	u32 depth;
+
 	/* Tracking commitment transaction numbers. */
 	u64 next_index[NUM_SIDES];
 	u64 next_htlc_id;

lightningd/channel_control.c

@@ -256,7 +256,9 @@ static void peer_got_funding_locked(struct channel *channel, const u8 *msg)
 
 	/* Remember that we got the lockin */
 	wallet_channel_save(channel->peer->ld->wallet, channel);
-	lockin_complete(channel);
+
+	if (channel->depth >= channel->minimum_depth)
+		lockin_complete(channel);
 }
 
 static void peer_got_announcement(struct channel *channel, const u8 *msg)
@@ -805,6 +807,7 @@ bool channel_tell_depth(struct lightningd *ld,
 	const char *txidstr;
 
 	txidstr = type_to_string(tmpctx, struct bitcoin_txid, txid);
+	channel->depth = depth;
 
 	if (!channel->owner) {
 		log_debug(channel->log,