Make private gateways use a different identity key pair when communicating via couriers

[gnarea]

Executive summary

An attacker who controls the courier (#54) and a peer endpoint used by their target (#27) could infer the location of their target because the private gateway's address/fingerprint can found in cargo and parcel messages.

Describe the solution you'd like

This problem would be solved if private gateways used a different identity key pair when communicating with their peers offline (i.e., via couriers or when we eventually support mesh networks).

Related issues

• Including private gateway certificate in parcels could lead to fingerprinting #27
• Prevent a compromised courier from tracking cargo to/from private gateways #54