Sanity check PSBT before signing

[notmandatory]

"Wallet::sign, which could presumably be called with externally-provided PSBTs, calls update_psbt_with_descriptor which assumes multiple invariants on the PSBT. The PSBT is not sanity checked beforehand and would therefore make it possible to crash an application using the library and exposing a sign endpoint. The invariants are assumed in PsbtUtils::get_utxo_for's implementation for Psbt (called from update_psbt_with_descriptor): it assumes the inner tx has at least as many inputs as the PSBT and it assumes that the transaction provided in the PSBT input's non_witness_utxo field has does contain the output index referenced by the inner transaction."

"In the signer module, the previous transaction contained in a PSBT input is not validated against the outpoint for legacy and segwit v0 transactions. This is checked when creating a transaction, but this module may be used to sign a PSBT as an external participant."

[oleonardolima]

It won't be applicable after #70 and #235 in v3.0 release, as the signers module and its Wallet::sign APIs will be removed. Unless we choose to have a helper sanity check method, to be used by the users before the use of Psbt::sign, it could be in rust-bitcoin, though.

[nymius]

I agree rust-bitcoin, or at least the PSBT code in rust-bitcoin org is better suited for this, but shouldn't be a blocker to start implementing some logic here and later migrate it there, for anyone interested in trying to implement this now.
I did that recently in bdk-sp with send::psbt::derive_sp.