Implement inbound and reconnect protections #1200

Merged
quake merged 15 commits into nervosnetwork:develop from jjyr:peer-reconnect-restriction
Mar 23, 2026

@jjyr jjyr commented Mar 13, 2026

Threat Model

  • Adversary opens many inbound connections without channels and consumes connection/session
    resources.
  • A reconnecting peer resumes protocol interaction before channel state is fully synchronized,
    causing correctness risks during replay/retransmission.
  • A peer exploits reestablish edge cases to make us treat a channel as payment-ready too early.
  • A peer sends replay-era TLC updates fast enough to cause unbounded temporary memory growth
    while sync is still in progress.

What we are defending

  • Inbound connection slots and actor/session resources.
  • Defer TLC updates until the ChannelReady state is fully synced.

What we are not trying to solve in this series

  • General reconnect orchestration and backoff policy. Solved in "channel: keep actors alive across disconnects" #1217.
  • TCP-level rate limiter; an attacker can still use a different node_id to create inbound connections with our peer.
  • Broader relay-layer reputation or congestion control.

@jjyr jjyr changed the title from "Implement eclair-inspired inbound and reconnect protections" to "Implement inbound and reconnect protections" Mar 13, 2026
@jjyr jjyr marked this pull request as draft March 13, 2026 11:22
@jjyr jjyr marked this pull request as ready for review March 16, 2026 03:18
@quake quake added this to the v0.8 milestone Mar 16, 2026
@quake quake requested review from chenyukang, Copilot and doitian March 17, 2026 01:11

Copilot AI left a comment

Pull request overview

This PR tightens Fiber node admission/control logic around inbound peers and inbound channel-open requests, and adjusts channel reestablish handling to avoid delayed ChannelReady notifications while bounding deferred peer TLC replays.

Changes:

  • Enforce inbound no-channel peer budget by evicting the oldest no-channel inbound peers (including immediate enforcement on connect) and add tests for the behavior.
  • Add per-peer throttling for “to-be-accepted” inbound channels and expand tests around per-peer behavior.
  • Improve reestablish flow to emit ChannelReady promptly (or defer it until the missing ACK arrives), and bound deferred peer TLC update queue length by channel constraints.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| crates/fiber-lib/src/fiber/network.rs | Implement inbound no-channel peer eviction ordering + immediate enforcement; add per-peer pending inbound channel throttling. |
| crates/fiber-lib/src/fiber/channel.rs | Add runtime flag for pending reestablish ChannelReady, remove fixed delay, and bound deferred peer TLC updates. |
| crates/fiber-lib/src/fiber/config.rs | Update CLI/docs wording for inbound peer budget and pending inbound channel limits. |
| crates/fiber-lib/src/fiber/tests/network.rs | Add tests for inbound peer budget eviction and per-peer pending inbound channel acceptance. |
| crates/fiber-lib/src/fiber/tests/channel.rs | Add tests for reestablish ChannelReady timing, nonce restoration, deferred TLC replay bounds, and missing revoke+ack gating. |
| crates/fiber-lib/src/fiber/tests/settle_tlc_set_command_tests.rs | Update ChannelActorState test helper to include the new runtime field. |
| crates/fiber-lib/src/store/sample/sample_channel.rs | Update sample ChannelActorState constructors for the new runtime field. |
| crates/fiber-lib/src/store/tests/store.rs | Update store serialization tests to account for the new runtime field. |
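
The oldest-first eviction of no-channel inbound peers summarized in the review above, sketched as an added example that is not code from this PR or from fiber-lib. `InboundBudget` and its methods are hypothetical names, peer ids are plain strings, and the caller is assumed to disconnect whatever `on_inbound_connect` returns.

```rust
use std::collections::{BTreeMap, HashMap};

/// Hypothetical tracker for inbound peers that have no channel with us.
pub struct InboundBudget {
    max_no_channel: usize,
    next_seq: u64,
    by_age: BTreeMap<u64, String>, // connect order -> peer id; first entry is oldest
    seq_of: HashMap<String, u64>,  // peer id -> connect order
}

impl InboundBudget {
    pub fn new(max_no_channel: usize) -> Self {
        Self { max_no_channel, next_seq: 0, by_age: BTreeMap::new(), seq_of: HashMap::new() }
    }

    /// Record an inbound connect and enforce the budget immediately.
    /// Returns the peers the caller should disconnect, oldest first.
    pub fn on_inbound_connect(&mut self, peer: &str) -> Vec<String> {
        if !self.seq_of.contains_key(peer) {
            self.seq_of.insert(peer.to_string(), self.next_seq);
            self.by_age.insert(self.next_seq, peer.to_string());
            self.next_seq += 1;
        }
        let mut evicted = Vec::new();
        while self.by_age.len() > self.max_no_channel {
            let (_, oldest) = self.by_age.pop_first().expect("map is non-empty");
            self.seq_of.remove(&oldest);
            evicted.push(oldest);
        }
        evicted
    }

    /// A peer that opens a channel, or disconnects, stops counting against the budget.
    pub fn release(&mut self, peer: &str) {
        if let Some(seq) = self.seq_of.remove(peer) {
            self.by_age.remove(&seq);
        }
    }

    pub fn tracked(&self) -> usize {
        self.by_age.len()
    }
}

fn main() {
    let mut budget = InboundBudget::new(2); // constructed sample: budget of two peers
    for peer in ["peer-a", "peer-b", "peer-c"] {
        println!("{peer} connected, evict {:?}", budget.on_inbound_connect(peer));
    }
    budget.release("peer-b");
    println!("tracked after release: {}", budget.tracked());
}
```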

quake commented Mar 23, 2026

> A remote peer opens many inbound connections without channels and consumes connection/session resources.

One remote peer can only open one connection; it's guarded by tentacle.

jjyr commented Mar 23, 2026

> > A remote peer opens many inbound connections without channels and consumes connection/session resources.
>
> One remote peer can only open one connection; it's guarded by tentacle.

Fixed.

"A remote peer opens many inbound connections.." -> "An adversary opens many inbound connections.."

@jjyr jjyr requested a review from quake March 23, 2026 12:19
@quake quake merged commit f1c656a into nervosnetwork:develop Mar 23, 2026
38 checks passed