This repository has been archived by the owner on Jun 11, 2024. It is now read-only.

Remove all insecure POST API endpoints #457

Closed
9 tasks done
karmacoma opened this issue Mar 3, 2017 · 1 comment
karmacoma commented Mar 3, 2017

We should remove all API endpoints receiving a passphrase/secret over the network. Instead, we should rely on signing transactions locally using lisk-js, and then post them onto the network via a rewritten POST /api/transactions endpoint, or in the case of multi-signatures, POST /api/multisignatures/sign.

Endpoints that need to be rewritten first, to facilitate functional testing of the public API:

  • Rewrite PUT /api/transactions -> POST /api/transactions
  • Rewrite POST /api/multisignatures/sign -> POST /api/signatures

Note: These API endpoints should behave in the same way as:

  • POST /peer/transactions
  • POST /peer/signatures

This should mean the code can be shared between the p2p and public APIs.

These endpoints should receive locally signed transactions or multi-signatures from lisk-js, and process them without entering the p2p stack, e.g. passing any peer data schema checks or being interpreted as peer communication.

Functional tests previously reliant on these endpoints will need to be adjusted to use the lisk-js driven method of local signing and then posting to these revised API endpoints.

Endpoints to be removed are as follows:

  • Remove POST /api/accounts/open
  • Remove POST /api/accounts/generatePublicKey
  • Remove PUT /api/accounts/delegates
  • Remove PUT /api/delegates
  • Remove PUT /api/signatures
  • Remove PUT /api/dapps
  • Remove PUT /api/multisignatures
Isabello commented Apr 10, 2017

I will be providing documentation and architecture for the implementation. We will need someone assigned for implementation.
