I would watch the validation lightning signer project, have your keys sperate from your node and also policy checks like max withdrawal and such