Two bugs prevented Pete's device from ever cross-signing itself:
1. Double login / split-brain: New() did a manual mx.Login() AND set
ch.LoginAs, so cryptohelper.Init() logged in a second time on a fresh
crypto store, minting a separate device. device.json recorded one device
while the olm account belonged to another, and every cold start leaked an
orphan device. Pete's outgoing events were attributed to a device whose
keys no client could verify. Removed ch.LoginAs (auth is already handled by
the manual login + isTokenValid re-login path).
2. Unreachable bootstrap: the reset gate used
IsDeviceTrusted(mach.OwnIdentity()), but OwnIdentity() hard-codes
Trust=TrustStateVerified, so it always returns true and the bootstrap/reset
branch was never entered. Replaced with GetOwnVerificationStatus(), which
actually checks whether the current device key is signed by our
self-signing key.