make-secnet-sites: Provide --output-version option

make-secnet-sites: Provide --output-version option

This will be used to have make-secnet-sites produce
backward-compatible output for older readers.

This is mostly going to be used for a filtering mode, where
make-secnet sites will copy its input to its output downgrading things
as it goes.

It is also going to have the effect of limiting the secnet.conf file
output when --pubkeys-install is not specified, so that the peer key
that appears in the generated sites.conf is the old-style
pre-negotiation RSA key, as demanded by the spec.

The users of this variable, and the whole --pubkeys-install option,
and the filtering mode, are yet to come.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>