fix: Don't verify contacts by others having an unknown verifier

If this happens, mark the contact as verified by an unknown contact instead. This avoids introducing
incorrect reverse chains: if the verifier itself has an unknown verifier, it may be `contact_id`
actually (directly or indirectly) on the other device.

Author: iequidoo

src/contact.rs

@@ -1992,6 +1992,12 @@ pub(crate) async fn mark_contact_id_as_verified(
                     verifier_id == contact_id || verifier_verifier_id != ContactId::UNDEFINED,
                     "Contact {contact_id} cannot be verified by unverified contact {verifier_id}",
                 );
+                if verifier_verifier_id == verifier_id {
+                    // Avoid introducing incorrect reverse chains: if the verifier itself has an
+                    // unknown verifier, it may be `contact_id` actually (directly or indirectly) on
+                    // the other device.
+                    verifier_id = contact_id;
+                }
             }
             transaction.execute(
                 "UPDATE contacts SET verifier=?1