I think the best way to take a generic approach towards this is to do all the "fancy stuff" by hand. That document was scary. And given the nature of our library, this should definitely be a major lookout for us. We should also be watchful about deps of deps, and select our primary dependencies carefully.
I think reducing dependencies just takes work. Very little you can do strategically about it at a high level. Probably the best thing you can do is target specific dependencies to remove based on how much it would reduce the "trust base" for the crate, i.e. how many maintainers it would stop us relying upon.
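The two comments above suggest a concrete metric: for each direct dependency, how many maintainers (including those of its transitive "deps of deps") would we stop relying on if it were dropped? The Rust program below is an added illustration of that calculation, not code from bdk or from the commenters. It walks a small dependency graph and maintainer list that are constructed for the example (crate and maintainer names are placeholders, not real crates.io data), and reports the saving for removing each direct edge. A dependency that is also pulled in transitively by another crate correctly shows a saving of zero.

```rust
use std::collections::{BTreeMap, BTreeSet, VecDeque};

/// crate -> crates it depends on directly (constructed sample, not bdk's real tree)
pub type Graph = BTreeMap<&'static str, Vec<&'static str>>;
/// crate -> people who can publish it (constructed sample, placeholder names)
pub type Maintainers = BTreeMap<&'static str, Vec<&'static str>>;

/// Build the constructed sample graph: "wallet" is our crate, the rest are
/// hypothetical dependencies.
pub fn sample() -> (Graph, Maintainers) {
    let g: Graph = vec![
        ("wallet", vec!["net", "db", "serde"]),
        ("net", vec!["tls", "serde"]),
        ("tls", vec!["ring"]),
        ("db", vec!["sqlite-sys"]),
        ("serde", vec![]),
        ("ring", vec![]),
        ("sqlite-sys", vec![]),
    ]
    .into_iter()
    .collect();
    let m: Maintainers = vec![
        ("wallet", vec!["us"]),
        ("net", vec!["alice"]),
        ("tls", vec!["bob", "carol"]),
        ("ring", vec!["dave"]),
        ("db", vec!["erin"]),
        ("sqlite-sys", vec!["erin"]),
        ("serde", vec!["frank"]),
    ]
    .into_iter()
    .collect();
    (g, m)
}

/// Every crate reachable from `root` (BFS), treating the direct edge
/// root -> `skip` as removed. The root itself is not included.
pub fn reachable(g: &Graph, root: &'static str, skip: Option<&str>) -> BTreeSet<&'static str> {
    let mut seen = BTreeSet::new();
    let mut queue = VecDeque::new();
    queue.push_back(root);
    while let Some(c) = queue.pop_front() {
        if !seen.insert(c) {
            continue;
        }
        for &d in g.get(c).map(|v| v.as_slice()).unwrap_or(&[]) {
            // Only the direct edge from the root is dropped; if another
            // dependency still pulls `skip` in transitively, it stays reachable.
            if c == root && Some(d) == skip {
                continue;
            }
            queue.push_back(d);
        }
    }
    seen.remove(root);
    seen
}

/// The set of maintainers we transitively rely on (root's own maintainers excluded).
pub fn trust_base(
    g: &Graph,
    m: &Maintainers,
    root: &'static str,
    skip: Option<&str>,
) -> BTreeSet<&'static str> {
    reachable(g, root, skip)
        .into_iter()
        .flat_map(|c| m.get(c).cloned().unwrap_or_default())
        .collect()
}

/// For each direct dependency of `root`: how many maintainers would leave the
/// trust base if that dependency (and whatever only it pulls in) were removed.
/// Sorted by largest saving first, then by name.
pub fn removal_savings(g: &Graph, m: &Maintainers, root: &'static str) -> Vec<(&'static str, usize)> {
    let full = trust_base(g, m, root, None).len();
    let mut out: Vec<(&'static str, usize)> = g
        .get(root)
        .cloned()
        .unwrap_or_default()
        .into_iter()
        .map(|d| (d, full - trust_base(g, m, root, Some(d)).len()))
        .collect();
    out.sort_by(|a, b| b.1.cmp(&a.1).then(a.0.cmp(b.0)));
    out
}

fn main() {
    let (g, m) = sample();
    println!("current trust base: {:?}", trust_base(&g, &m, "wallet", None));
    for (dep, saved) in removal_savings(&g, &m, "wallet") {
        println!("drop {}: {} fewer maintainers relied upon", dep, saved);
    }
}
```

On a real crate the same walk can be fed from `cargo metadata` output, with owner lists taken from the registry; the ranking then tells you which removal actually shrinks the trust base rather than just the dependency count.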
The team has discussed and agreed that the best way is to divide the main bdk crate into a core wallet module with very few dependencies and optional blockchain and database modules that by necessity will have more dependencies. This work has already begun in #535.
Putting this here to discuss how we might reduce dependencies in our main crate, and where possible in the supporting crates we maintain.
Here is a good link that discusses some of the possible ways dependencies can introduce malicious code.
https://kerkour.com/rust-crate-backdoor/