entropyxyz/synedrion

Hardened derivation and forward secrecy

Opened this issue · 0 comments

In #132 we introduced BIP32 derivation for non-hardened paths. I am not sure if it is possible to support hardened derivation, and what kind of secret data would we use in this case. Maybe rid? (see #134 as well)

Also, this seems to be connected to the issue of forward secrecy. Do we need hardened derivation for forward secrecy, or are there other ways to do it? Can we have both forward secrecy and child public keys being derivable by a third party?

[This paper](https://eprint.iacr.org/2021/1287.pdf) proposes a stateful derivation: after a child key is derived, the node's state is bumped (end of Section 4.2). So when a child key is compromised, it compromises only the keys that were derived after it.