The timecache should be checked/updated after validation

[vyzo]

Currently, the timecache is checked/updated for seen messages prior to message validation.
This was done with the intention of avoiding duplicate message validation.
Unfortunately it introduces a censorship attack vector:
If an adversarial actor can predict a peer's sequence number (by observing a prior message), then it can attempt to send an invalid message with the predicted id.
The message will fail validation, due to signature firstly; but it will also poison the timecache, resulting in dropping a sebsquent message from the peer with the predicted id.

cc @whyrusleeping @Stebalien

[vyzo]

Proposed action: move the timecache check/update after validation.
It will result in duplicate validation of seen messages, but it will nullify the attack vector.

[vyzo]

In addition to the censorship attack vector, an adversarial actor can cause peers to consume memory in the timecache by sending a torrent of invalid messages.
The fix in #155 also closes this vector.

[Stebalien]

SGTM. We could also check in both places to avoid re-validating duplicate valid messages.

[Stebalien]

We could also have a separate (shorter) validation cache where we cache a hash of the message/author.

[vyzo]

We can do with a check of the valid message cache, but without update.

[vyzo]

Note that the hash cache won't work any better, as the author cannot be proven to be authentic prior to validation.