Clarify potential number of public keys in use by a Meadowcap user

[sgwilym]

https://community.spritely.institute/t/meadowcap-capability-system-for-controlling-access-to-willow-data/411/3

By using “her public key” the system makes tracking trivial. In a system that better protects privacy, each capability should be tied to a unique key pair created for just that purpose. I would change that text to say

The implementation relies on signature schemes again. Consider Alfie and Betty, each able to create many key pairs. Alfie can mint a new capability for Betty by signing his own capability together with a public key Betty has created for this purpose…

Meadowcap does not mandate that each user only has one public key, and that is not self-evident from the current text.