cosi: better discussion of key management and self-signed certs/keys
Good suggestion from @trevp: need to discuss formal security properties better, with relevant citations, especially about key management and "self signatures" and such. In particular, we probably want to briefly discuss and cite some combination of these:
Some relevant background on related-key attacks:
- Horster et al., "Meta-Multisignature schemes based on the discrete logarithm problem"
- Michels et al., "On the risk of disruption in several multiparty signature schemes"
Constructions with security proofs (under various conditions/assumptions):
- Ohta/Okamoto, "Multi-Signature Schemes Secure against Active Insider Attacks"
- Micali et al., "Accountable-Subgroup Multisignatures"
- Bellare/Neven, "Multi-signatures in the plain public-key model and a general forking lemma" (delinearization approach)