sq should allow cipher, key strength requirements
To allow more nuanced articulation of security requirements, it should be possible to say that some algorithms are not allowed, or that, e.g., only 2048-bit RSA keys or stronger are valid. This should apply not only to user-facing encryption and signatures, but also to self-sigantures, binding signatures, etc.
Question (cc @dkg): should these requirements also apply to revocation certificates? It would potentially be dangerous if a revocation certificate was mistakenly ignored.