Validate the genesis config downloaded over RPC before accepting it

[mvines]

This PR replaces #8467, and additionally adds verification of a downloaded genesis.tar.bz2 before accepting it. If an RPC node serves a bad genesis, that node gets blacklisted and the validator tries another.

This should be sufficient to prevent the Chorus One poisoned genesis attack during SLP2 boot from reoccurring. However note that the Certus One bzip2 bomb as described by #8427 is not fixed here.

• Progress towards Validator cannot catchup in TdS with v0.23.6 #8406 and Better validate the contents of genesis.tar.bz2 and snapshot.tar.bz2 files from other nodes #8432
• This also might be a fix for Harden untrusted genesis file consumption #7919, what do you think @ryoqun? - update: no, because it doesn't consider genesis deserialization

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@407d058). Click here to learn what that means.
The diff coverage is 33.3%.

@@           Coverage Diff            @@
##             master   #8474   +/-   ##
========================================
  Coverage          ?   80.3%           
========================================
  Files             ?     256           
  Lines             ?   56447           
  Branches          ?       0           
========================================
  Hits              ?   45344           
  Misses            ?   11103           
  Partials          ?       0