tests: add functional test for tr musig2 miniscript decaying multisig #35443

This is closely based on test/functional/wallet_miniscript_decaying_multisig_descriptor_psbt.py both in code and concept. It builds the same "decaying" multisig that starts as 4-of-4 and decays to 3-of-4, 2-of-4, and finally 1-of-4 at each future halvening block height, but as a Taproot output, combining Taproot, Miniscript, and MuSig2 in a single descriptor of the form tr(musig(key_1,key_2,key_3,key_4),thresh(4,pk(key_1),s:pk(key_2),s:pk(key_3),s:pk(key_4),sln:after(t1),sln:after(t2),sln:after(t3))). While every signer is available the 4-of-4 is spent through the Taproot key path using a MuSig2 aggregate of the participants, which is the cheapest and most private spend, while the Miniscript script path is a fallback used only when a key becomes inaccessible, so a lost key never permanently strands the funds and the key path stays available even after the multisig has fully decayed. As with the wsh version the signers are plain single-key wallets and the multisig is watch-only, so everything needed to sign (including the MuSig2 participant pubkeys) is carried in the PSBT and signers never import the multisig descriptor. It serves as integration testing for Taproot, Miniscript, and MuSig2 descriptors working together, and like the wsh test is meant to be documentation as much as a functional test, so it is kept as simple and readable as possible.

Note: this thresh-based design has BIP110-invalid script-path spends. sln:after compiles to OP_IF in the tapscript leaf (the key-path spend is unaffected). I implemented an alternative that avoids this by splitting the decay into separate timelocked multi_a tapleaves (no OP_IF) in e0482ec. It's a quick, less-thoroughly-tested implementation, but I wanted to present it in case reviewers prefer that approach.

<!--e57a25ab6845829454e8d69fc972939a-->

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

<!--006a51241073e994b41acfe9ec718e94-->

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35443.

<!--021abf342d371248e50ceaed478a90ca-->

Reviews

See the guideline for information on the review process.

If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

<!--5faf32d7da4f0f540f40219e4f7537a3-->

LLM Linter (✨ experimental)

Possible typos and grammar issues:

• halvening -> halving [misspelled; the intended Bitcoin term is “halving”]

^{2026-06-02 16:02:31}

Concept ACK e588094

Based on a cursory glance, there is a lot of similarity with the other test mentioned in the PR description along with a duplicated method.

Consider merging these two files into one while getting rid of the duplication?

there is a lot of similarity with the other test mentioned in the PR description

Correct, the two tests are (intentionally) similar. This is meant to be a "baby step" improving the privacy of wallet_miniscript_decaying_multisig_descriptor_psbt.py

<img width="1186" height="77" alt="Screenshot 2026-06-03 at 10 44 47 AM" src="https://github.com/user-attachments/assets/3ee1a3a1-61d2-4e9a-9676-4995f9edd5ad" />

So they are generally the same aside from _spend_keypath and the test conditions exercising that.

That said, my preference is keeping these tests separate to prioritize them being maximally simple and easy to follow. I think the "documentation" value of these tests is greater than the test coverage provided. So in that spirit I intentionally duplicated some code to keep these tests elegant and straightforward incase someone references it while creating a wallet.

Thanks for the valid feedback, if more reviewers prefer consolidating I am open to it! These tests could be easily combined (also the OG test/functional/wallet_multisig_descriptor_psbt.py). But I preferred the 3 part series showing my preferred multisig in core as new technology matures: basic m-of-n => decaying miniscript => this.