p2p: Consider modifying `Head` to enforce a minimum quorum of responses necessary to proceed

[renaynay]

I'm not fully in agreement here but it's something Vlad and I discussed at the onsite. Backstory is Lumina ran into issues bootstrapping on Mammoth because it hardcoded 6 bootstrappers, but I had devops take down 5 because I was performing some tests. Everything was working well enough at the time with just 1 bootstrapper so I didn't tell them to spin the other 5 back up. However, Lumina hardcoded the bootstrappers and expected them (all or mostly?) to be responsive so that they can calculate a bestHead.

Right now, we allow bootstrapping off of 1 trusted peer/bootstrapper which Vlad disagrees with because of the ability of a malicious bootstrapper to serve a bad head.

I'm parking this issue here so we don't lose track of the discussion, but I don't have any concrete thoughts at this time other than I still think you should be able to bootstrap off of minimum 1 hardcoded peer if the rest are unresponsive. I can substantiate my point if needed.

[Wondertan]

For this case to occur, two things need to happen:

• All bootstappers are down except one
• The only available bootstrapper has to be malicious

While I doubt this is a likely scenario, bumping the minimum from 1 to 2 is not a significant issue, but def not a high priority one to be picked up.