[Tech] Hash cash keys

This week's half-baked proposal: hash cash keys, an extensions of SSKs
where the key includes an extra field, b, and the data must be
accompanied by a string whose hash shares a b-bit prefix with the hash
of the public part of the key. Nodes check the partial hash collision
before forwarding or storing the data; the string is forwarded and
stored with the data.

The key is written in the form SSK.b@foo,bar/baz, for example
SSK.32@foo,bar/baz for a 32-bit collision. This is for backwards
compatibility with KSKs: you can't put b after the @ sign because
everything after the @ sign is part of the name.

This should make it pretty trivial to add hash cash to Frost: just use
KSK.32 (for example) instead of KSK for new messages, and stop checking
the old KSK queues after a transition period of a week or two. The value
of b can be increased over time as computers get faster.

I'm probably missing something obvious here - anyone care to point out
what it is? :-)

Cheers,
Michael