Verify that a root authorization does not have any supporting proofs

[cdata]

When verifying authorizations pertaining to a sphere, we should check that the root authorization is in fact self-proving (which is to say, it was signed by the root sphere key), and doesn't contain any proofs in its prf field (as a matter of enforced convention).