
rend-spec: Note that the subject key in enc-key-cert always has sign=0.

Nick Mathewson requested to merge nickm/torspec:arti_1221 into main

This behavior is incorrect from the POV of preserving the key as a signing key, but it is what C Tor does. See setup_desc_intro_point, which has:

    ed25519_public_key_from_curve25519_public_key(&ed25519_pubkey,
                                                  &ip->enc_key_kp.pubkey,
                                                  0);

The "incorrectness" doesn't matter in practice: since we have the subject and signing keys inverted in this certificate, we never have to actually verify anything using this public key.

Found while investigating arti#1221 (closed).
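As an added illustration (not code from C Tor, Arti, or torspec), the Python sketch below shows the Curve25519-to-Ed25519 public key conversion the description refers to, with the sign bit passed explicitly. The function name mirrors the C call quoted above but is a re-implementation written for this example; the sample input is the Curve25519 base point u = 9, chosen because its Edwards image is the well-known Ed25519 base point.

```python
# Added illustration; not code from C Tor, Arti, or torspec.
P = 2**255 - 19  # field prime shared by Curve25519 and Ed25519


def ed25519_pub_from_curve25519_pub(u_bytes: bytes, signbit: int) -> bytes:
    """Map a Montgomery u-coordinate to an encoded Ed25519 public key."""
    if len(u_bytes) != 32:
        raise ValueError("Curve25519 public keys are 32 bytes")
    # RFC 7748: u is little-endian and its top bit is ignored.
    u = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    u %= P
    if (u + 1) % P == 0:
        # Choice made for this example: reject the one u with no affine image.
        raise ValueError("u = -1 has no affine Edwards image")
    # Birational map between the curves: y = (u - 1) / (u + 1) mod p.
    y = (u - 1) * pow(u + 1, P - 2, P) % P
    out = bytearray(y.to_bytes(32, "little"))
    # Bit 255 of the encoding carries the sign of x. The u-coordinate alone
    # does not determine it, so the caller has to supply it.
    out[31] |= (1 if signbit else 0) << 7
    return bytes(out)


def candidate_subject_keys(u_bytes: bytes) -> tuple[bytes, bytes]:
    """Return the sign=0 and sign=1 encodings for one Curve25519 key."""
    return (ed25519_pub_from_curve25519_pub(u_bytes, 0),
            ed25519_pub_from_curve25519_pub(u_bytes, 1))


# Constructed sample input: the Curve25519 base point, u = 9.
BASE_U = (9).to_bytes(32, "little")

if __name__ == "__main__":
    sign0, sign1 = candidate_subject_keys(BASE_U)
    print("sign=0:", sign0.hex())
    print("sign=1:", sign1.hex())
```

The two encodings differ only in the top bit of the last byte, so always passing 0 yields a fixed, reproducible subject key for a given enc-key, whether or not it matches the sign of the Ed25519 key that the same private scalar would produce.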
