bolt11: don't abort on invalid pubkey

Rather than crashing the entire node on invalid pubkey, we should return
an error.

Detected by libFuzzer:
==250024== ERROR: libFuzzer: deadly signal

[ Changed so that `n` really does check that it's valid --RR ]

    #7 abort
    #8 bolt11_decode common/bolt11.c:1002:4

Author: morehouse

common/bolt11.c

@@ -306,14 +306,26 @@ static const char *decode_n(struct bolt11 *b11,
 			    const u5 **data, size_t *field_len,
 			    bool *have_n)
 {
+	const char *err;
+
 	assert(!*have_n);
 	/* BOLT #11:
 	 *
 	 * A reader... MUST skip over unknown fields, OR an `f` field
 	 * with unknown `version`, OR `p`, `h`, `s` or `n` fields that do
 	 * NOT have `data_length`s of 52, 52, 52 or 53, respectively. */
-	return pull_expected_length(b11, hu5, data, field_len, 53, 'n',
-				    have_n, &b11->receiver_id.k);
+	err = pull_expected_length(b11, hu5, data, field_len, 53, 'n',
+				   have_n, &b11->receiver_id.k);
+
+	/* If that gave us nodeid, check it. */
+	if (*have_n) {
+		struct pubkey k;
+		if (!pubkey_from_node_id(&k, &b11->receiver_id))
+			return tal_fmt(b11, "invalid public key %s",
+				       node_id_to_hexstr(tmpctx, &b11->receiver_id));
+	}
+
+	return err;
 }
 
 /* BOLT #11: