e2ee/qr: clarify that the device's Ed25519 signing key should be used

[sumnerevans]

Source @uhoreg in #e2e:matrix.org: https://matrix.to/#/matrix.org/$J6UbQwsakEsHMbv5yH7RUpM-OlklZ4U3Ti3VqWp9p8E?via=matrix.org&via=privacytools.io&via=envs.net

It should be the ed25519 key. There was probably a bit of a terminology mixup in the MSC. But all verification methods verify the ed25519 key. In theory, devices should be able to change their curve25519 key, as long as the ed25519 key stays the same, though I don't think anyone has ever actually tried that, and I don't know what would happen if someone did. (I suspect that we would see lots of exciting errors)

Signed-off-by: Sumner Evans sumner.evans@automattic.com

Pull Request Checklist

• [x] Pull request includes a changelog file
• [x] Pull request includes a sign off
• [x] Pull request is classified as 'other changes'

Preview: https://pr1829--matrix-spec-previews.netlify.app

[richvdh]

For the record: the affected bit of spec is https://spec.matrix.org/v1.10/client-server-api/#qr-code-format.