Always-recoverable state

[noonio]

Why

It would build confidence if we could say that the Hydra Node is always able to be in a state where the protocol is recoverabe; i.e. each node can participate in the signing of snapshots, and no funds are stuck or lost. This would allow us to be confident that, say, random power outages, missed packets, etc, could not cause the Head to get into an invalid state.

What

• Resolve our "known stuck funds" problems
• Work out what we need to do to survive power-off and lost-message issues ( see #1591, among others )
• Document and otherwise test the approaches to recovery in various scenarios

How

TBD