Allow accounts to be individually encrypted and unlocked #1823
I set the account passphrase and it looks like it worked, but if I unlock the account and try sending from it, I get a wallet passphrase error:
vctt@vctt:~/projects/decred/dcrctl$ go build && ./dcrctl --testnet --wallet unlockaccount default 123
vctt@vctt:~/projects/decred/dcrctl$ go build && ./dcrctl --testnet --wallet sendfrom default TsfDLrRkk9ciUuwfp2b8PawwnukYD7yAjGd 1
-13: enter the wallet passphrase with walletpassphrase first
ff1b9fe to 52516aa
Tested and worked fine. LGTM.
One thing I noticed is that right now it is not possible to know which accounts are locked or not, and there is no easy way to lock all accounts.
I think it would be nice to have it.
That's a good suggestion. Unfortunately the most sensible RPC to add this to (listaccounts) would need a breaking change to the response format to support something like this.
The account properties (returned by w.Accounts) now include whether the account has a per-account passphrase set on it, and whether it is locked or unlocked, which should be useful for the grpc server since it does return this data directly (unlike jsonrpc).
c203d20 to 9763fe4
3007699 to 82e422e
This commit introduces three new RPCs (setaccountpassphrase, unlockaccount, and lockaccount) which can be used to set a unique passphrase for and allow individual locking of particular accounts, separate from the global keys used to encrypt all other accounts. Argon2id is used as the KDF for individually encrypted accounts, and XChaCha20-Poly1305 is used for authenticated encryption of account xprivs. The new KDF parameters use the same memory difficulty (256M) as the scrypt parameters used for all other accounts.
0254399 to 88b3d61