v4 of legacy-display cleanup

[Daniel Kahn Gillmor]

This is the fourth revision of the series that cleans up legacy-display
protected headers parts so that notmuch users only have to look at one
subject line.

version 3 can be found at id:20190625014107.12452-1-dkg at fifthhorseman.net
version 2 can be found at id:20190531075907.17035-1-dkg at fifthhorseman.net
version 1 can be found at id:20190531042825.27774-1-dkg at fifthhorseman.net

----------
Now that notmuch can handle and interpret protected subject lines, it
should also avoid forcing the user to look at "legacy display" parts
that some MUAs (notably enigmail) copies of the protected headers that
are intended to be rendered only by legacy clients -- clients capable
of decryption but which don't understand how to handle protected
headers.
----------

This series addresses the concerns raised by David Bremner on the
mailing list.

The differences from version 3 are:

 * clearer semantics within the patch series, both code and commit
   messages (e.g. indicating that a new return value is temporarily
   unused in patch 5, before using it in subsequent patches)

 * separating out the non-functional change in argument name
   ("payload" to "part") into its own patch (4/8) for clarity

 * using "goto DONE" instead of "break" in patch 6.

 * using INTERNAL_ERROR in patch 5 to catch potential future internal
   misuse of _notmuch_message_crypto_potential_payload.

If we can get this merged, i'll send a subsequent revision of the
series that repairs "mixed-up MIME" mangled messages.

I would appreciate any feedback!

  --dkg