andybalaam changed the title from "When we create a new key backup, we should gossip its key to all devices" to "When a new key backup is created, fetch its key onto all devices" on May 19, 2025
Otherwise it is very easy to get element-hq/element-web#29973
Currently, turning off & on Key Storage in one client breaks key storage on all the other clients.
This needs doing in EW and EX.
The fix is to notice when the current server-side key backup is different from our local, and send out a secret request to all trusted devices when we notice.
EX: There is a TODO in the code saying we should do this: https://github.com/matrix-org/matrix-rust-sdk/blob/main/crates/matrix-sdk/src/encryption/backups/mod.rs#L715
EW: We should do similar
(In both EX and EW we already notice this because when we try to upload a key we receive an error that this is the wrong version.)
Do we ask the user? "Your key storage has been updated - do you want to use the new version? (Only say yes if you changed your key storage on another device. If you say no, you have no backup.)"
Current opinion: AJB&VDH: if an attacker already has your verified device, they can steal the existing secrets (including backup key), so there is no point (that we can see) in them fooling you into changing to a new backup. So we think we should accept this new backup and key silently.
^ This needs discussing with Security team.
(Possible future MSC: a new special type of secret send that doesn't require a request, does include a secret name, and the receiver has logic like: "if you would have requested this, then accept it". I.e. if the current backup is different from your local backup version, and the newly-sent secret matches the key of the current backup, then accept the secret (and obviously only if you trust the sender in the same way as the current secret send logic). Spec for secret send: https://spec.matrix.org/v1.14/client-server-api/#msecretsend)
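The receiver-side rule sketched in the "possible future MSC" paragraph, as an added example that is not code from this issue, matrix-rust-sdk or Element Web. The shape of the sent secret (`senderVerified`, `name`, `secret`) is an assumption, since no such MSC exists yet; `server` mirrors the fields returned by `GET /room_keys/version`.

```javascript
const nodeCrypto = require("node:crypto");

// DER header that wraps a raw 32-byte X25519 private key as PKCS#8 (RFC 8410).
const PKCS8_X25519_PREFIX = Buffer.from("302e020100300506032b656e04220420", "hex");
const BACKUP_ALGORITHM = "m.megolm_backup.v1.curve25519-aes-sha2";
const BACKUP_SECRET_NAME = "m.megolm_backup.v1";

// Derive the Curve25519 public key for a raw 32-byte backup decryption key.
function backupPublicKey(privateKeyBytes) {
  const priv = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_X25519_PREFIX, privateKeyBytes]),
    format: "der",
    type: "pkcs8",
  });
  const spki = nodeCrypto.createPublicKey(priv).export({ format: "der", type: "spki" });
  return spki.subarray(spki.length - 32); // the raw key is the last 32 bytes
}

// "If you would have requested this, then accept it."
// local:  { version } held by this device (hypothetical shape)
// server: current backup info; sent: the unsolicited secret (hypothetical shape)
function shouldAcceptBackupSecret(local, server, sent) {
  const no = (reason) => ({ accept: false, reason });
  if (!sent.senderVerified) return no("untrusted sender");
  if (sent.name !== BACKUP_SECRET_NAME) return no("not a backup key");
  if (local.version === server.version) return no("backup unchanged");
  if (server.algorithm !== BACKUP_ALGORITHM) return no("unknown algorithm");

  const key = Buffer.from(sent.secret, "base64");
  if (key.length !== 32) return no("malformed key");

  // Accept only if the secret is the private half of the server's current backup key.
  const expected = Buffer.from(server.auth_data.public_key, "base64");
  if (!backupPublicKey(key).equals(expected)) return no("key does not match current backup");
  return { accept: true, reason: "matches current backup" };
}

// Constructed sample data (not real keys): another device rotated the backup to version 2.
function demo() {
  const newKey = Buffer.alloc(32, 0x42);
  const publicKey = backupPublicKey(newKey).toString("base64");
  const server = { version: "2", algorithm: BACKUP_ALGORITHM, auth_data: { public_key: publicKey } };
  const sent = { senderVerified: true, name: BACKUP_SECRET_NAME, secret: newKey.toString("base64") };
  const stale = { ...sent, secret: Buffer.alloc(32, 0x43).toString("base64") };
  return [sent, stale].map((s) => shouldAcceptBackupSecret({ version: "1" }, server, s));
}
console.log(demo());
```
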