fuzz: don't fail when fuzzer generates valid MAC

The cryptofuzz target was based on a false premise: that it is
impossible for any fuzzer to generate a valid ciphertext+MAC for the
decrypt function. Niklas Gogge proved this premise incorrect using AFL++
with the CMPLOG feature, which enabled AFL++ to generate such valid
messages.

We remove the assertions requiring decryption to fail and add the inputs
AFL++ found to the corpus.

Author: morehouse

tests/fuzz/corpora/fuzz-cryptomsg/solution-91d462b6755f937129fcab6715327f0e0f2e8c1e

@@ -0,0 +1 @@
+CBBp��0h�u��Ψ��Ӿ

tests/fuzz/corpora/fuzz-cryptomsg/solution-d5a84620e070d142563b0e6e5dd934c85242f3aa

@@ -0,0 +1 @@
+CB^~���kcȦO��zfB

tests/fuzz/fuzz-cryptomsg.c

@@ -78,7 +78,7 @@ static void test_encrypt_decrypt_equality(const u8 *msg)
 	assert(tal_arr_eq(dec, msg));
 }
 
-/* Test header decryption of arbitrary bytes (should always fail). */
+/* Test header decryption of arbitrary bytes. */
 static void test_decrypt_header(const u8 *buf)
 {
 	struct crypto_state cs_in = init_cs_in;
@@ -87,15 +87,15 @@ static void test_decrypt_header(const u8 *buf)
 	if (tal_bytelen(buf) < CRYPTOMSG_HDR_SIZE)
 		return;
 
-	assert(!cryptomsg_decrypt_header(&cs_in, buf, &len));
+	cryptomsg_decrypt_header(&cs_in, buf, &len);
 }
 
-/* Test body decryption of arbitrary bytes (should always fail). */
+/* Test body decryption of arbitrary bytes. */
 static void test_decrypt_body(const u8 *buf)
 {
 	struct crypto_state cs_in = init_cs_in;
 
-	assert(cryptomsg_decrypt_body(buf, &cs_in, buf) == NULL);
+	cryptomsg_decrypt_body(buf, &cs_in, buf);
 }
 
 void run(const u8 *data, size_t size)