Description
Currently, Gridsync operates under the assumption that Recovery Keys will not be shared between multiple devices -- in other words, that a given Recovery Key will be loaded/used only in situations in which the original device (i.e., the one on which the Recovery Key was created) has been lost or is otherwise inaccessible to the user. Nevertheless, it remains possible for the original device to be restored -- or for the same Recovery Key to be loaded on multiple devices -- such that multiple separate devices could end up writing to the same remote location. Given Tahoe-LAFS's known limitations with uncoordinated writes, this could lead to errors or data-loss.
In the current absence of a more involved Recovery Key "rotation" scheme (i.e., a scheme in which old/original Recovery Keys become invalidated after being loaded/used once), Gridsync should, at minimum, warn users about the risks of using the same Recovery Key on multiple devices.