Remove other signing keys after social recovery

[adamstallard]

Social recovery is the most authoritative recovery method. After social recovery, all signing keys, secondary devices, and "client apps" (apps needing signing keys) should be removed. This requires a user to relink any such devices and apps, but prevents a race with an attacker who has stolen someone's BrightID. Otherwise, the attacker could block the person from completing social recovery by removing any devices they add (assuming the attack took control of their previous primary device).