Investigate recovery options for lost wallet keys

[esune]

Investigate what can be done to recover lost wallet keys when in managed mode.

[esune]

As per @andrewwhitehead input, the sub-wallet records use this model and it might be possible to connect to the main wallet and and fetch records of type wallet_record, with the specific wallet_id.

This could provide a good self-serve recovery option for users who have other ways of accessing the tenant (i.e.: api-key access) if:

• an endpoint is available to perform the above operation
• api-keys can be classified as having admin access (which would allow for tasks such as key recovery/rotation) or not (can only consume "regular" APIs)

I am thinking this would be a good addition for the innkeeper plugin, since it is already managing api-keys and we could therefore enhance functionality further.

[esune]

I attempted to create an innkeeper administrative endpoint that could be used to retrieve a tenant's wallet id/keypair in case of emergency: this is not (easily) feasible since the innkeeper is itself a tenant and accessing another sub-wallet is generally not a good idea.

While a self-serve recovery option is possible, it will require having "privileged" access to the tenant via an "admin" api-key (see #1028). I am thinking this would be a better pattern especially since we (@loneil and I) have been discussing the possibility of not exposing the main keys at all to users requesting a new tenant, but rather providing them with tenant id/api-key combination to avoid potentially losing/leaking the main credentials (in which case a recovery endpoint might not even be necessary).

Thoughts/opinions on this are welcome.

[esune]

We are likely pivoting towards providing tenants with tenant id and api-key rather than the "full" wallet keys.