
Guidance on using self-signatures in V4 and V5 keys

Document the "convention" of requiring a User ID self-signature in V4 keys, and recommend including one.

Then, recommend using a direct-key signature to store information about the key for V5 keys instead, and require implementations to check that at least one direct-key signature with a Key Flags subpacket exists before using a V5 key (in order to prevent an attacker from removing a self-signature that specifies an expiration time, for example).
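
A sketch of the check described above, as an added example that is not part of this merge request or of any implementation. It assumes the caller has already parsed the key's self-signatures into dicts and set `verified` by cryptographic verification, and that only the hashed subpacket area is trusted; `v5_key_usable`, the dict layout and the sample data are hypothetical.

```python
import struct

DIRECT_KEY_SIG = 0x1F   # signature type: direct-key signature
USER_ID_CERT = 0x13     # signature type: positive User ID certification
KEY_FLAGS = 27          # subpacket type: Key Flags
KEY_EXPIRATION = 9      # subpacket type: Key Expiration Time

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                        # one-octet length
            length, i = first, i + 1
        elif first < 255:                      # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                  # 0xFF, then four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def has_key_flags(sig: dict) -> bool:
    """True for a verified direct-key signature whose hashed area has Key Flags."""
    if sig["type"] != DIRECT_KEY_SIG or not sig["verified"]:
        return False
    try:
        return any(t == KEY_FLAGS and body
                   for t, _, body in parse_subpackets(sig["hashed"]))
    except ValueError:                         # malformed area: do not trust it
        return False

def v5_key_usable(self_sigs: list) -> bool:
    """Refuse a V5 key unless at least one such direct-key signature exists."""
    return any(has_key_flags(s) for s in self_sigs)

def sp(sub_type: int, body: bytes) -> bytes:
    """Build a short subpacket (constructed sample data only)."""
    return bytes([len(body) + 1, sub_type]) + body

# Constructed sample: a direct-key signature carrying flags and an expiration
# time, plus a User ID certification that also carries flags.
FULL = [
    {"type": DIRECT_KEY_SIG, "verified": True,
     "hashed": sp(KEY_FLAGS, b"\x03") + sp(KEY_EXPIRATION, struct.pack(">I", 31536000))},
    {"type": USER_ID_CERT, "verified": True, "hashed": sp(KEY_FLAGS, b"\x03")},
]
STRIPPED = FULL[1:]  # the direct-key signature (and its expiration) was removed
```

With this check, `FULL` is accepted and `STRIPPED` is refused, so a key whose expiration-bearing direct-key signature was removed is not silently treated as non-expiring.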
