Already verified key-contacts are "re-verified" by a different contact

[link2xt]

I have noticed that a recently added new contact is verified not by someone who has added the contact to verified group, but by someone else. Later, "introduced by" for this contact changed. Following "introduced by" links ended up in a loop.

Apparently verifier of the contact changes without "member added" or QR code scan. It is correct that direct QR code scan should change verifier to self, but otherwise indirectly introduced contacts should not change verifier just by chatting.

In mark_contact_as_verified we set a new verifier unconditionally which is correct if we want to set verifier to self:

core/src/contact.rs

Lines 1979 to 1982 in 2e2cfc4

	transaction.execute(
	"UPDATE contacts SET verifier=? WHERE id=?",
	(verifier_id, contact_id),
	)?;

But otherwise if verifier_id is not SELF, we should not update verifier.

The fix is simple, but we also need to reproduce the bug to have a regression test.