RSA keys and subkeys are always listed as: usable for signing and decryption
From my understanding of `sq key generate --help`, generating a new key should by default create a new key plus three subkeys with individual capabilities for signing, authentication, decryption. However, if I run

```
sq key generate --own-key --name Alice --email alice@example.org --cipher-suite rsa2k
```
I get:
```
test@ossimoro:~$ sq key list
 - F2F1FAABFD7E5AE40B32C90C2CB83B4485ACAFDB
   - user IDs:
     - <alice@example.org> (authenticated)
     - Alice (authenticated)
   - created 2025-09-03 08:13:48 UTC
   - will expire 2028-09-03T01:40:09Z
   - usable for signing and decryption
   - @softkeys/F2F1FAABFD7E5AE40B32C90C2CB83B4485ACAFDB: available, unlocked
 - 6832D86813F35D2A8D8F5D5BE09F10238AE6FE71
   - created 2025-09-03 08:13:48 UTC
   - will expire 2028-09-03T01:40:09Z
   - usable for signing and decryption
   - @softkeys/F2F1FAABFD7E5AE40B32C90C2CB83B4485ACAFDB: available, unlocked
 - DEAF0F18D48404DB29435A33D02C4E82603A71F2
   - created 2025-09-03 08:13:48 UTC
   - will expire 2028-09-03T01:40:09Z
   - usable for signing and decryption
   - @softkeys/F2F1FAABFD7E5AE40B32C90C2CB83B4485ACAFDB: available, unlocked
 - FF69A559F03D12FFE4788A720FE1F249401AF31C
   - created 2025-09-03 08:13:48 UTC
   - will expire 2028-09-03T01:40:09Z
   - usable for signing and decryption
   - @softkeys/F2F1FAABFD7E5AE40B32C90C2CB83B4485ACAFDB: available, unlocked
```
Note that all the keys (the "main" F2F1FAABF... key and the subkeys) have:

```
- usable for signing and decryption
```
I would have expected the main key to only be usable for certification, and the others individually for signing, decryption, authentication.
I also tried generating cv25519 keys:
```
sq key generate --own-key --name Alice --email alice@example.org --cipher-suite cv25519
```
and the result is:
```
test@ossimoro:~$ sq key list
 - 76C5B57614C461C4F5FC8B01D79093FB75097095
   - user IDs:
     - <alice@example.org> (authenticated)
     - Alice (authenticated)
   - created 2025-09-03 12:01:41 UTC
   - will expire 2028-09-03T05:28:02Z
   - usable for signing
   - @softkeys/76C5B57614C461C4F5FC8B01D79093FB75097095: available, unlocked
 - 1AE181B360D0B260D7ED6E41E32EC8E583751833
   - created 2025-09-03 12:01:41 UTC
   - will expire 2028-09-03T05:28:02Z
   - usable for decryption
   - @softkeys/76C5B57614C461C4F5FC8B01D79093FB75097095: available, unlocked
 - CDE4299C97CF0822809B4B3EC7724A4826CB1A28
   - created 2025-09-03 12:01:41 UTC
   - will expire 2028-09-03T05:28:02Z
   - usable for signing
   - @softkeys/76C5B57614C461C4F5FC8B01D79093FB75097095: available, unlocked
 - DB9D621557EF528394C9613F475FD13E10F1B416
   - created 2025-09-03 12:01:41 UTC
   - will expire 2028-09-03T05:28:02Z
   - usable for signing
   - @softkeys/76C5B57614C461C4F5FC8B01D79093FB75097095: available, unlocked
```
This is still confusing to me: again I'd expect to see the main key "usable for certification", and the others for auth/sign/decrypt, while I see one "usable for decryption" and two (!) "usable for signing".
My Sequoia version:

```
$ sq version
sq 1.3.1
using sequoia-openpgp 2.0.0
with cryptographic backend Nettle 3.10 (Cv448: true, OCB: true)
```
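As an added example (not from the report or from the Sequoia project), a small Python check that parses `sq key list` output in the shape quoted above and flags a listing whose primary key is not certification-only or whose subkeys do not each carry exactly one distinct capability. The sample listings are constructed excerpts of the two outputs in the report; the capability words ("certification", "signing", "authentication", "decryption") are assumed to be the ones sq prints.

```python
import re

# Constructed excerpts of the two `sq key list` outputs quoted in the report,
# trimmed to the fingerprint and "usable for" lines the audit needs.
RSA_LISTING = """\
 - F2F1FAABFD7E5AE40B32C90C2CB83B4485ACAFDB
   - usable for signing and decryption
 - 6832D86813F35D2A8D8F5D5BE09F10238AE6FE71
   - usable for signing and decryption
 - DEAF0F18D48404DB29435A33D02C4E82603A71F2
   - usable for signing and decryption
 - FF69A559F03D12FFE4788A720FE1F249401AF31C
   - usable for signing and decryption
"""
CV25519_LISTING = """\
 - 76C5B57614C461C4F5FC8B01D79093FB75097095
   - usable for signing
 - 1AE181B360D0B260D7ED6E41E32EC8E583751833
   - usable for decryption
 - CDE4299C97CF0822809B4B3EC7724A4826CB1A28
   - usable for signing
 - DB9D621557EF528394C9613F475FD13E10F1B416
   - usable for signing
"""
EXPECTED_SUBKEY_CAPS = {"signing", "authentication", "decryption"}  # assumed wording

def parse_key_list(text):
    """Return [(fingerprint, frozenset(capabilities))]; first entry is the primary key."""
    keys = []
    for line in text.splitlines():
        if m := re.match(r"^\s*-\s+([0-9A-F]{40})\s*$", line):
            keys.append((m.group(1), set()))
        elif (m := re.match(r"^\s*-\s+usable for (.+?)\s*$", line)) and keys:
            # "certification, signing and decryption" -> three separate capabilities
            keys[-1][1].update(re.split(r"\s*,\s*(?:and\s+)?|\s+and\s+", m.group(1)))
    return [(fpr, frozenset(caps)) for fpr, caps in keys]

def audit(keys):
    """Flag deviations from a certification-only primary plus one subkey per capability."""
    findings = []
    (primary, pcaps), subkeys = keys[0], keys[1:]
    if pcaps != {"certification"}:
        findings.append(f"primary {primary[:8]}: {sorted(pcaps)}, expected certification only")
    holders = {}  # capability -> short fingerprints of the subkeys carrying it
    for fpr, caps in subkeys:
        if len(caps) != 1:
            findings.append(f"subkey {fpr[:8]}: {len(caps)} capabilities {sorted(caps)}")
        for cap in caps:
            holders.setdefault(cap, []).append(fpr[:8])
    for cap in sorted(EXPECTED_SUBKEY_CAPS | set(holders)):
        if len(holders.get(cap, [])) != 1:
            findings.append(f"{cap}: carried by {holders.get(cap, [])}, expected exactly one subkey")
    return findings
```

Run `audit(parse_key_list(...))` on each listing: the RSA listing yields findings for the primary, all three subkeys and every capability, while the cv25519 listing yields findings only for the signing primary, the missing authentication subkey and the duplicated signing subkeys.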