Consider other JSON-RPC clients instead of btcd

[JeremyRand]

btcd's rpcclient package is pulling in a quite large number of dependencies. It would be useful to evaluate whether this is contributing to excessive binary size or excessive attack surface, and whether perhaps a simpler JSON-RPC client would meet our needs better.

[JeremyRand]

btcd is also not packaged in most distros, which is potentially problematic. https://repology.org/project/btcd/versions

[JeremyRand]

I don't fully understand what the original motivation was for using a Bitcoin-specific JSON-RPC implementation. Looking over in Pythonland, a well-known Bitcoin-specific implementation is https://github.com/jgarzik/python-bitcoinrpc . It lists its two Bitcoin-specific features as:

• sends Basic HTTP authentication headers

Seems like it should be pretty standard for JSON-RPC libraries in Go, though I admit I haven't gone looking.

• parses all JSON numbers that look like floats as Decimal, and serializes Decimal values to JSON-RPC connections.

Bitcoin Core has moved away from abusing floating-point serialization, and additionally I can't actually even think of any Decimal fields that ncdns uses in the first place. So I am very skeptical that this matters to us.

I think the usage of btcd goes back to when Hugo created ncdns. @hlandau do you happen to recall what the motivation was for using btcd's JSON-RPC client here?

[JeremyRand]

We probably want JSON-RPC 2.0, since that's what Bitcoin Core uses (and it has some useful features we'd probably want, e.g. named parameters).

Results from https://github.com/search?q=json-rpc+2+language%3Ago&type=repositories&s=stars&o=desc :

• https://github.com/ybbus/jsonrpc
  • Supports HTTP auth, batch requests, proxies, and TLS.
  • Doesn't look terrible at first glance. Have not carefully audited it yet.
  • 702 lines of code, plus 1023 lines of tests; no dependencies outside of Go stdlib. 👍
  • Seems to be used by a Blockstream project, which is mildly reassuring (though that Blockstream project seems to be experimental, so who knows if they actually vetted their supply chain yet): https://github.com/ElementsProject/peerswap
  • Not packaged anywhere, but probably packaging it is much easier than packaging btcd?
• https://github.com/sourcegraph/jsonrpc2
  • No batch requests, which seems like something we might care about for performance reasons.
  • Documentation is a lot weaker.
  • Packaged in Debian: https://repology.org/project/go%3Agithub-sourcegraph-jsonrpc2/versions
• https://github.com/osamingo/jsonrpc
  • Server only?
• https://github.com/powerman/rpc-codec
  • No batch requests.
• https://github.com/filecoin-project/go-jsonrpc
  • Do we want to be downstream of Filecoin?
  • I see WebSocket things, possible code bloat?
  • Just client.go has more LoC than the entirety of ybbus/jsonrpc 😭
• https://github.com/creachadair/jrpc2
  • Documentation is weak.
• https://github.com/go-language-server/jsonrpc2
  • Server only?

None of these have cookie auth, but presumably we can handle that ourselves with a wrapper library or something.