multi: make payment address mandatory

Make the payment secret field ('s') mandatory for BOLT11 payment requests,
implementing the requirement specified in BOLT11 spec PR lightning/bolts#1242.

This enhances privacy by preventing intermediate nodes from probing the
destination using payment onions.

This commit implements the following changes:
- Adds validation in `zpay32` to fail decoding if the 's' field is
  missing when no blinded path is provided.
- Adds a test vector for an invoice missing the 's' field.
- Updates existing tests to accommodate the mandatory payment address requirement.

Author: erickcestari

zpay32/invoice.go

@@ -381,6 +381,13 @@ func validateInvoice(invoice *Invoice) error {
 		return fmt.Errorf("no payment hash found")
 	}
 
+	// The invoice must contain a payment address (payment secret)
+	// if it does not contain blinded paths.
+	if len(invoice.BlindedPaymentPaths) == 0 &&
+		invoice.PaymentAddr.IsNone() {
+		return fmt.Errorf("no payment address found")
+	}
+
 	if len(invoice.RouteHints) != 0 &&
 		len(invoice.BlindedPaymentPaths) != 0 {