
[FEATURE] Implement NIP-26 delegated key login via QR codes

Open sethforprivacy opened this issue 1 year ago • 10 comments

Is your feature request related to a problem? Please describe.

Currently when using Nostr, you have to expose your root private key to any client you wish to use with Nostr, including Amethyst. This opens up attack vectors that would expose your entire Nostr identity to being stolen or compromised.

A solution has been proposed in NIP-26, allowing you to delegate signing to new keypairs (likely one set of keys per client for granular control) by signing a delegation tag with the root key.

Leveraging this proposal allows you to still use Amethyst as normal but prevent your root Nostr key from ever being exposed.

Describe the solution you'd like

Ideally, we will allow the delegation event signing flow to be handled as an alternative log-in method, with the ideal flow for me looking like this:

  1. User opens Amethyst and is prompted with the login screen
  2. An option appears above "Generate a new key" that says something about "Login with delegated keys"
  3. A new screen appears, allowing a user to select the duration of the key delegation and the allowed permissions
  4. Amethyst prompts the user to scan an npub via QR code
  5. The user's hardware wallet displays their npub as a QR code, and Amethyst scans it
  6. Amethyst populates a QR code with the delegation string and displays it for scanning by another device, like a hardware wallet
  7. The hardware wallet processes the delegation string and displays the details on-screen
  8. If the user approves of the delegation string, the hardware wallet creates a SHA256 hash of the string, signs it, and creates a QR code with the delegation token
  9. Amethyst opens a QR code scanner, allowing the user to scan in the delegation token
  10. After Amethyst validates the delegation token, it publishes the delegation note of kind 1 to a default set of relays and logs in as normal

As this allows granular permissions, we could implement a simple MVP that allows full access to delegatees and implement granular permissions later with the necessary UI/UX changes to account for Amethyst not having permissions to perform certain actions.

Bounty (in Bitcoin sats) offered for the implementation

I am offering a 1.5m sat bounty for this feature to be implemented in Amethyst.

Total bounty (as of April 4th): 3.5m sats

Additional context

We will be working on an implementation of this flow for Passport, our hardware wallet, and I will provide a demo of the proposed flow as soon as we have that up and working.

For details on NIP-26 generally, you can see the specification here:

https://github.com/nostr-protocol/nips/blob/master/26.md

sethforprivacy • Apr 04 '23 14:04