Overview
To protect against BitcoinJ's vulnerability regarding B2X (BitcoinJ blindly follows the longest PoW chain and does not check for consensus rule violations) we provide a list of Bitcoin Core nodes (bisq-network/roles#39). That also avoids the privacy issues with bloom filters. Further discussion and more background and details about the motivation can be found here: https://docs.google.com/document/d/1Fgxfrcpx1RNm36-YjqM5dLw3wXETsneEF2CKdXwJJ5Q
Description of feature: Provide Bitcoin full nodes from Bisq developers
We added radio buttons to select between “Use provided Bitcoin Core nodes”, “Use custom Bitcoin Core nodes”, “Use public Bitcoin network”.
By default the provided nodes are selected using a hard coded list of nodes operated by Bisq developers and bonded by BSQ.
The user can choose to set his own provided nodes or run a node locally. If a node is run locally, BitcoinJ always connects only to that node. Custom nodes can be passed in the network settings UI or via program arguments (--btcNodes). Both clear net and hidden service nodes are supported if “Use Tor for BitcoinJ” is selected (default). If the user doesn’t use Tor for BitcoinJ, onion nodes cannot be used.
If the public network is selected, the user is shown a popup with background information and a warning about the privacy issues caused by the broken bloom filters.
The selection and added custom nodes are persisted and the same state will be represented at next startup.
In case B2X represents a risk of becoming the longest PoW chain, the founder of Bisq can publish a P2P message which prevents users from using and selecting the public network. That is required to protect against risks caused by the lack of consensus rule checks in BitcoinJ.
If custom nodes are in use and the P2P message is sent, the user is shown a popup stating that the user needs to be sure to only use Bitcoin Core nodes in his custom nodes list.
If users got a mix of Bitcoin Core and B2X nodes or swapped over to B2X, the wallet would get screwed up and trades would become insecure. Bisq will only support Bitcoin Core, and any user who ignores our warning and protection and connects to B2X nodes acts on their own responsibility. Disputes caused by that will be decided in favor of the other peer and we will not provide any technical support for problems caused by that.
Testing that feature:
Try out different options and see if it behaves as expected
Check if selection and custom nodes are the same after restart
Check if onion nodes are working if Tor is enabled
Check with onion nodes when Tor is disabled (should print warn logs but cause no error - the nodes are ignored)
If you are a developer you can set in DevEnv the USE_DEV_PRIVILEGE_KEYS flag to true and then set the developer message with cmd+f to test if deactivating public network works as expected. In that case previously set public network option gets reverted to use provided nodes. It will be only applied after a restart and it does not enforce a restart directly.
UPDATE: B2X just got canceled so the urgent threat is gone. We will still keep that feature as it avoids the privacy problems with bloom filters and because we are protected in future if such attacks repeat. We did not see that for the first time (XT, Unlimited, Classic, BCH). Better be prepared in advance.
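The selection rules described in this issue, sketched as an added Java example that is not Bisq's own code. All class, enum and method names are hypothetical, the node addresses are constructed placeholders, and a comma-separated `--btcNodes` value is an assumption.

```java
import java.util.*;

// Added illustration; names are hypothetical and not taken from the Bisq code base.
public class BtcNodeSelection {
    enum Option { PROVIDED, CUSTOM, PUBLIC }

    // Constructed placeholders standing in for the hard-coded provided node list.
    static final List<String> PROVIDED_NODES =
            Arrays.asList("provided-node-1.example:8333", "providedexample1.onion:8333");

    // If the P2P message disabling the public network was received, a persisted
    // PUBLIC choice is reverted to the provided nodes (evaluated at startup).
    static Option effectiveOption(Option persisted, boolean publicNetworkDisabled) {
        return (persisted == Option.PUBLIC && publicNetworkDisabled) ? Option.PROVIDED : persisted;
    }

    // Optional.empty() means "use public peer discovery"; otherwise the explicit peer list.
    static Optional<List<String>> resolvePeers(Option persisted, String btcNodesArg,
                                               boolean useTorForBitcoinJ,
                                               boolean publicNetworkDisabled) {
        Option option = effectiveOption(persisted, publicNetworkDisabled);
        if (option == Option.PUBLIC) return Optional.empty();
        List<String> candidates = option == Option.CUSTOM
                ? Arrays.asList((btcNodesArg == null ? "" : btcNodesArg).split(","))
                : PROVIDED_NODES;
        List<String> peers = new ArrayList<>();
        for (String raw : candidates) {
            String node = raw.trim();
            if (node.isEmpty()) continue;
            String host = node.contains(":") ? node.substring(0, node.lastIndexOf(':')) : node;
            if (host.endsWith(".onion") && !useTorForBitcoinJ) {
                // Onion nodes are unreachable without Tor: log a warning and ignore, no error.
                System.err.println("WARN: ignoring onion node, Tor is disabled: " + node);
                continue;
            }
            peers.add(node);
        }
        return Optional.of(peers);
    }

    public static void main(String[] args) {
        String custom = "192.0.2.10:8333, customexample1.onion:8333"; // constructed sample
        System.out.println(resolvePeers(Option.CUSTOM, custom, true, false));  // both nodes
        System.out.println(resolvePeers(Option.CUSTOM, custom, false, false)); // clear net only
        System.out.println(resolvePeers(Option.PUBLIC, "", true, false));      // public discovery
        System.out.println(resolvePeers(Option.PUBLIC, "", true, true));       // reverted to provided
    }
}
```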