backwards compatible with old SAs and CMs until new code makes it
out to everyone. So the CM now does a version check at the target SA,
and if an old version 1, use the bogus self signed cred. If the SA is
version 1.01, send a proper sliver credential.

In the SA, accept older bogus credential for now, but start accepting
the new sliver credential, and apply more stringent checks.