Disable non-proxy keys in Signer API

[ltitanb]

Currently we allow commit modules to request signature from the validator consensus keys and proxy keys. Should we remove the possiblity to request signatures from consensus keys?

Pros

• improved security, as it avoids exposing consensus keys to potentially malicious modules

Cons

• hurdle for adoption, protocols need to support verifying the signature against a proxy delegation

[Daniel-K-Ivanov]

I think that in the future CommitBoost should NOT allow direct (non-proxied) signing, meaning that it should not be possible for a module to request the validator keys to sign a payload.

The community will be able to more easily adopt CB if the modules do not have rights to the validator key, but rather modules can only issue and use proxy keys.

Enforcing the usage of proxy keys makes the statement that CB priorities security and this is something that we want to advocate and stick to.

[Daniel-K-Ivanov]

Implementing a Commit Boost domain would help alleviate the security concerns I have listed above

[ltitanb]

After some discussions I think can still be allowed if on a different signing domain. Adding new keys comes with some operational burden, so we should leave this choice to validators / module developers