bolt11: don't abort on invalid pubkey

Rather than crashing the entire node on invalid pubkey, check the
validity of the pubkey in decode_n, and return an error if invalid.

Detected by libFuzzer:
==265599== ERROR: libFuzzer: deadly signal
    #7 abort
    #8 bolt11_decode common/bolt11.c:999:4

common/bolt11.c

@@ -306,14 +306,27 @@ static const char *decode_n(struct bolt11 *b11,
 			    const u5 **data, size_t *field_len,
 			    bool *have_n)
 {
+	const char *err;
+
 	assert(!*have_n);
 	/* BOLT #11:
 	 *
 	 * A reader... MUST skip over unknown fields, OR an `f` field
 	 * with unknown `version`, OR `p`, `h`, `s` or `n` fields that do
 	 * NOT have `data_length`s of 52, 52, 52 or 53, respectively. */
-	return pull_expected_length(b11, hu5, data, field_len, 53, 'n',
-				    have_n, &b11->receiver_id.k);
+	err = pull_expected_length(b11, hu5, data, field_len, 53, 'n', have_n,
+				   &b11->receiver_id.k);
+
+	/* If that gave us a node ID, check it. */
+	if (*have_n) {
+		struct pubkey k;
+		if (!pubkey_from_node_id(&k, &b11->receiver_id))
+			return tal_fmt(
+			    b11, "invalid public key %s",
+			    node_id_to_hexstr(tmpctx, &b11->receiver_id));
+	}
+
+	return err;
 }
 
 /* BOLT #11:

tests/fuzz/corpora/fuzz-bolt11/crash-c4df1aeeec336a31cb468bef279a490cf472acb2

@@ -0,0 +1 @@
+lnbc1qqqqpqqnp4qqqlftcw9qqqqqqqqqqqqygh9qpp5qpp5s7zxqqqqcqpjpqqygh9qpp5s7zxqqqqcqpjpqqlqqqqqqqqqqqqcqqpqqqqqqqqqqqsqqqqqqqqdqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqpqqqqqqqqqqqqqqqqqqqqqqqqqqqqqlqqqcqpjptfqptfqptfqpqqqqqqqqqqqqqqqqqqq8ddm0a