InvisibleCrypto | Share Room Keys: Add a new `tofu` flag on `ReadOnlyUserIdentity`

[BillCarsonFr]

Part of https://github.com/element-hq/crypto-internal/issues/282 (Invisible crypto).

As per MSC4153

Matrix client should intialy blindly trust the identity, and display non-blocking warnings when identity changes.

In order to know if an identity change has been shown to the user, we need a flag on the identity to store it.

• Update identity struct to store that flag
• Ensure migration by just marking existing identities in cache as tofu trusted
• The first time an identity is seen for a user, mark it as tofu trusted
• If an identity change is detected, store the identity and mark the flag as false
• Add a new API to mark the identity change as seen by the user (should be set by the app)
• Test

Notes from https://github.com/element-hq/crypto-internal/issues/307:

Add a new flag on read only identities tofu_trusted, that is set to true when it's the first time an identity is seen for a user. It shoud be set to false when a new identity is detected. This flag can be set back to true via API. As per tofu implementation client should ensure that this flag is only updated to true when the identity change notice has been shown to the user.

[richvdh]

I think we can maybe now consider this fixed, by #3639?