Remove api_payment table ?

[Asone]

The HTTP paywall guard uses an api_payment table that registers the generated invoices.

As using a table for GraphQL paywall seems necessary to ensure the client provided invoice fits a requested data query, it might not be an absolute necessity for the global HTTP paywall.

We could remove the table and just check the provided invoice exists and has been paid through the LND service.

However, doing so would induce that the HTTP server could never be 100% sure that the provided invoice has been generated in a HTTP request context. Then so, providing any invoice that exists in the LND service could allow to go through the paywall. A few checks could be made to reduce the capabilities of passing through with non related invoice like checking the invoice value or the memo.

I currently have no clue if it would be a good idea and will probably leave the mechanism as it is, but want to keep the question opened for further options.