ibc: add withdrawal timestamp rounding chain rule

[avahowell]

this is a consensus-breaking change

Fixes #4064

[hdevalence]

What's the motivation for rounding to 2-second intervals rather than 1-second ones?

I might have miscommunicated in Discord, I was thinking of "even second" as meaning "on the second boundary" -- but looking at this I'm wondering what the right resolution should be. 1s is an "easy" answer, but what about 10 or 60, or greater?

[avahowell]

I don't have a good intuition for 'what amount of rounding covers the skew of >99% of machines', but I think single seconds might not be enough. From a user's standpoint quantizing withdrawal timeouts to minutes seems fine, so maybe 1 minute would be better

[hdevalence]

Let's set two rules:

• in consensus, require that timeout timestamps are truncated to one-minute boundaries
• in our clients, set the default timeout timestamp to be truncated to 1h boundaries

This leaves the possibility for someone who has a pressing need for finer grained timestamps to do so while setting a good default

[cronokirby]

For posterity, what's the reasoning behind baking a privacy setting like this into consensus? Is it to prevent mistakes with alternative clients?

[hdevalence]

Yeah, the "obvious" thing to do is set the timestamp as Utc.now() + timeout, and the existence of this rule means that that code will immediately break.

[avahowell]

Updated the chain rule to require rounding to 1 minute, updated pcli to round to 1 hour

[hdevalence]

@ValarDragon comments:

Dev, [Mar 21, 2024 at 10:55:18 PM]:
That make sense to me, but I personally wouldn't set a 1hr timeout as the default

I'd recommend 5m-15m, 1 hour is quite long

[avahowell]

Changed the pcli default to round to nearest 10 minute, per suggestion