Support multiple sets of transport keys per contact

This branch adds support for multiple sets of transport keys per contact, and transport keys that aren't bound to any contact. This allows us to negotiate transport keys asynchronously without losing forward secrecy.

The key manager rotates unbound keys but doesn't use them for incoming or outgoing streams until they've been bound to a contact. As well as being bound, keys must be activated before they can be used for outgoing streams. This can be done via the key manager API, or automatically when an incoming stream is received.

Each set of keys has an ID that's used for managing unbound keys, and also for choosing which set of keys to use for outgoing streams. Each device assigns IDs in increasing order, and higher IDs are preferred for outgoing streams, so a device will use the most recently created active keys (from its own point of view).

Once the old introduction client has been removed, we'll be able to remove the concept of inactive contacts. This branch includes a new way for the poller to query whether connections to a contact should be attempted.