More Fully Test On-Chain Failure

[TheBlueMatt]

We have a bit of ad-hoc testing of on-chain failure paths right now. Coverage isn't too bad (though really should be 100% for channelmonitor's important functions), but that probably isn't enough. We should finish up the fuzz full_stack_target's money loss detection code, and maybe come up with a better fuzz target for that kind of broad-scale target (maybe getting Angora working would help, see AngoraFuzzer/Angora#10). Also mutation testing to make sure our coverage is "real", but that's tracked in #188.

[TheBlueMatt]

Another thing we should work with is Driller. This makes it look pretty easy to get it going in a VM: https://blog.grimm-co.com/post/guided-fuzzing-with-driller/ . If someone feels inclined to work on this I can dig up a bunch of CPU resources for use fuzzing.

[TheBlueMatt]

Played with driller a bit today, managed pretty easily (just adding new main()s in the fuzz_targets that actually read from stdin instead of use macros from other crates to do so) to get it to load but it crashes when it starts trying to do real work. See shellphish/driller#81.

[TheBlueMatt]

#416 got me a bit further, but now stuck on shellphish/driller#80.