Use SSSS for new key backups

[dbkr]

The key backup key info is currently stored in the metadata for the key backup. It needs to be migrated to Secure Secret Storage (matrix-org/matrix-spec-proposals#1946) so the user's recovery key / passphrase is for the SSSS master key and the backup key is then obtained via that.

This task covers:

• When we set up a new key backup, use SSSS instead of key backup metadata
• Support key backup keys in both key backup metadata and SSSS

Blocked on spec release of matrix-org/matrix-spec-proposals#1946 as this would already be two different places the key could be - let's not make it 3 with vendor/stable prefixes of SSSS.

js-sdk SSS impl is in the cross-signing PR: matrix-org/matrix-js-sdk#832

[jryans]

To avoid the bootstrapping cycles involved in creating all the various keys without all the infrastructure in place, @dbkr suggests:

• Create cross signing keys, but don't store the private parts yet
• Create an SSSS default key (which will be signed with the cross-signing master key you just created)
• Save the cross signing keys to SSSS
• Create key backup

[jryans]

As it turns out, the steps above are quite similar to #11212, so I'm effectively working on both issues. (After chatting with @dbkr, originally we weren't signing the SSSS key, so there was less of cycle than there is currently.)

[jryans]

For the moment, this is paused while we complete the related items in #11212.

[jryans]

@dbkr will be taking over here while I am away.