Recheck the logic that determines if a decrypted event is considered to be verified

[poljar]

There's a bunch of smaller things to take into consideration, i.e. was the room key received using a forward/backup/import, when determining if an event is verified.