Secure/audit key changes

[tttp]

Setting up the encryption key is a very sensitive operation. I should be made much more visible:

• send an email to all the org users:
  "IMPORTANT: proca encryption key changed"
  {username} has changed the encryption key (public key {}.
  As of now, all new data from your supporters are encrypted with that key and only {username}, or someone that has the matching private key, can decrypt the signatures. Please be sure it's properly and safely stored, without that private key, you will not be able to access your supporters data. We do not have a copy of it."

It's good to keep a log of the key changes, either as an audit log, or at least add a "owner" to the encryption key (key to the user), so we know who changed it