v4 implementations might reject a message that contains a v6 signature

I think we messed up interoperability between v4 implementations and v5 implementations with v5 keys:

• On the one hand, a v5 key holder can send an encrypted message to a v4 recipient, but
• on the other hand, the message cannot be signed: a v5 signing key can only create v5 signatures, but the v4 recipent will not be able to verify it.
• Worse, the v4 implementation will most likely reject the message because many implementations are not sufficieltly robust to ignore the unknown signature version.